Palo Alto Networks XSIAM Engineer — Question 8
How will Cortex XSIAM help with raw log ingestion from third-party sources in an existing infrastructure?
Answer options
- A. Any structured logs coming into it are left completely unchanged, and only metadata is added to the raw data.
- B. For structured logs, like CEF, LEEF, and JSON, it decouples the key-value pairs and saves them in table format.
- C. Any unstructured logs coming into it are left completely unchanged, and metadata is not added to the raw data.
- D. For unstructured logs, it decouples the key-value pairs and saves them in a table format.
Correct answer: B
Explanation
The correct answer is B because Cortex XSIAM specifically processes structured logs by separating key-value pairs and organizing them into a table format, enhancing data usability. Option A is incorrect because it states that structured logs are left unchanged and ignores the significant processing that occurs. Option C is not accurate as it refers to unstructured logs, which do not receive metadata adjustments. Option D incorrectly asserts that unstructured logs are processed similarly to structured logs, which is not the case.