What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?

A. Netflow Collector
B. Syslog Collector
C. DB Collector
D. Pathfinder

Answer: B

Explanation:

The Broker VM is a virtual machine that acts as a data broker between third-party data sources and the Cortex Data Lake. It can ingest different types of data through functions such as the Syslog Collector, Netflow Collector, DB Collector, and Pathfinder. The Syslog Collector functionality allows the Broker VM to receive syslog messages from third-party devices, such as firewalls, routers, switches, and servers, and forward them to the Cortex Data Lake. It can be configured to filter, parse, and enrich the syslog messages before sending them on. This is how logs from third-party firewall vendors, such as Cisco, Fortinet, and Check Point, are ingested into the Cortex Data Lake, which enables Cortex XDR to analyze the firewall logs and provide visibility and threat detection across the network perimeter.

Reference: Cortex XDR Data Broker VM Syslog Collector

Supported Third-Party Firewall Vendors
