What is the default log destination for S3 bucket in the Cloud NGFW CloudFormation template (CFT) that is launched to set up the tenant?
What is the default log destination for S3 bucket in the Cloud NGFW CloudFormation template (CFT) that is launched to set up the tenant?
The default log destination for S3 buckets in the Cloud NGFW CloudFormation template is 'PaloAltoCloudNGFW'. This is a predefined value used by the template for configuring logging. CloudWatch Log Group and Kinesis Data Firehose also use this default value in the CFT, and the template requires pre-existing destinations with these names to capture logs successfully.
answer is B https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws
I don't 100% sure. The next text say S3 has no default log destination. "The CloudWatch Log Group and Kinesis Data Firehose have a default value of PaloAltoCloudNGFW in the CFT. The S3 Bucket has no default. The Cloud NGFW does not create these resources in your AWS environment. The CFT gives the Cloud NGFW the permissions to write the logs to the destination. A destination with name you provided in the CFT must exist in your deployment to successfully capture NGFW logs." https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws
answer is B ? Palo Alto says The CloudWatch Log Group and Kinesis Data Firehose have a default value of PaloAltoCloudNGFW in the CFT. The S3 Bucket has no default. The Cloud NGFW does not create these resources in your AWS environment. The CFT gives the Cloud NGFW the permissions to write the logs to the destination. A destination with name you provided in the CFT must exist in your deployment to successfully capture NGFW logs.
Because of the way it is written, I would say "B". (Horribly written question)