Palo Alto Networks XSIAM Engineer — Question 54

An application which ingests custom application logs is hosted in an on-premises virtual environment on an Ubuntu server, and it logs locally to a .csv file.
Which set of actions will allow the ingestion of the .csv logs into Cortex XSIAM directly from the server?

Answer options

• A. Install a Broker VM in the environment, and configure the CSV Collector to collect the files of interest.
• B. Install a Cortex XDR agent on the Ubuntu server, and configure the agent to collect the files of interest.
• C. Install a Broker VM in the environment, and migrate the application to the Broker VM.
• D. Install XDR Collector on the Ubuntu server, and configure the agent to collect the files of interest.

Correct answer: A

Explanation

The correct answer is A because installing a Broker VM and configuring the CSV Collector specifically allows for the targeted collection of .csv files from the local environment. Option B, while it involves a Cortex XDR agent, does not address the CSV log collection directly. Option C suggests migrating the application, which is unnecessary for log ingestion. Option D incorrectly focuses on the XDR Collector instead of the appropriate CSV Collector for this task.