Palo Alto Networks Firewalls with Strata Logging Service Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
Palo Alto Networks Firewalls can be configured to send logs to Strata Logging Service. In this configuration, they can be integrated with Cisco XDR to provide security alerts into Cisco XDR, where they are normalized and enriched with endpoint and cloud data from various products and included in Incidents for your teams to respond to. This integration also allows you to include firewall security detections in your investigations of observables such as IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects.

-
In the Cisco XDR navigation menu, choose Administration > Integrations.
-
On the Integrations page, click the Third-Party tab and navigate to the Palo Alto Networks Cortex Cloud integration.
-
Click the plus sign (+) in the lower-right corner of the card. The Palo Alto Networks Cortex Cloud integration page is displayed.
-
Expand the Integration Guide area and follow the instructions on how to add the Palo Alto Networks Firewalls with Strata Logging Service integration in Cisco XDR.

You can perform the following tasks after you integrate Palo Alto Networks Firewalls with Strata Logging Service with Cisco XDR:
-
Investigations - Start a new investigation into any combination of IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects, and the results will include any records of them found in your Palo Alto Networks Firewalls with Strata Logging Service. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Palo Alto Networks Firewalls with Strata Logging Service has recent information. For details, see Investigate.