Which source does NOT contribute to Cortex XDR?

Cortex XDR is a comprehensive detection and response solution that integrates data from various sources to provide enhanced security visibility and incident response capabilities. The components that contribute data to Cortex XDR are typically related to network and user activity, along with real-time threat intelligence.

Logs from firewall devices, such as firewall logs, provide critical insights into traffic patterns and possible security incidents. Similarly, logs from Prisma Access, which delivers secure access to applications and data, also feed into Cortex XDR, helping correlate and analyze events across a distributed network.

Directory Sync data sent to Cortex Hub enables the incorporation of identity management information, which is essential for understanding user behavior and context in security discussions. By gathering this data, Cortex XDR can create a more comprehensive view of both user and endpoint activities.

Virustotal, a service that aggregates antivirus and URL scanning engines, while useful for threat intelligence, does not directly feed logs into Cortex XDR. Instead, it provides independent threat analysis rather than contributing event or activity logs. This distinction makes it clear why this choice is the correct answer in identifying a source that does not contribute to Cortex XDR.