Palo Alto Networks SecOps-Pro Exam - Topic 5 Question 3 Discussion

What is required to enable ingestion of on-premises firewall logs into Cortex XDR?
A) Broker VM
B) API
C) PAN-OS content pack
D) Cloud Identity Engine

Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 3
Topic #: 5
[All SecOps-Pro Questions]

Suggested Answer: A

To get logs from on-premises hardware into the cloud-native Cortex Data Lake, a 'bridge' is required. This is the role of the Broker VM.

Local Collector: The Broker VM is a virtual machine (running on ESXi or Hyper-V) that sits inside your local network. It acts as a local syslog server, NetFlow collector, or Windows Event collector.

Secure Forwarding: It receives the raw logs from the on-premises firewalls, compresses and encrypts them, and then securely uploads them to the Cortex Data Lake.

Management: It also serves as a proxy for the Cortex XDR agents and helps with tasks like Local Scanning and Directory Sync. Without the Broker VM, on-premises firewalls that cannot natively reach the cloud would have no way to contribute their data to the XDR 'stitching' process.
