The action of forwarding Strata Logging Service data to Security Operations Center (SOC) tools for investigation is a fundamental part of ongoing security operations. This directly aligns with the "Report and Maintenance" step of the Palo Alto Networks Zero Trust methodology. This phase focuses on continuously monitoring the environment, inspecting and logging all traffic, analyzing the collected data for threats, and maintaining the security posture. Sending logs to a SOC is a primary mechanism for enabling this continuous monitoring and maintenance loop.

A. Map and Verify Transactions: This is an earlier discovery phase focused on identifying and understanding traffic flows before policies are created, not on operational log forwarding for SOC analysis.

B. Implementation: This step involves the creation and application of security policies based on the mapped transactions, whereas this scenario describes a post-deployment, operational activity.

C. Standards and Designs: This is a high-level, pre-implementation planning phase for defining the overall security architecture, not the specific operational task of forwarding logs.

1. Palo Alto Networks

"Zero Trust Deployment Guide": The guide outlines a five-step methodology for implementing Zero Trust. Step 5

"Monitor and Maintain the Zero Trust Network

" explicitly covers the activities of inspecting and logging all traffic and using this data for continuous analysis. The guide states

"The final step in the Zero Trust methodology is to monitor and maintain the network... This includes inspecting and logging all traffic... This information can be sent to a security information and event management (SIEM) system for correlation and analysis." This directly corresponds to the "Report and Maintenance" phase and the action described in the question.

2. Palo Alto Networks

"What Is a Zero Trust Architecture?" White Paper: This document describes the core principles and implementation steps. The section on "Monitor and Maintain" emphasizes the need for continuous visibility and analytics

which is achieved by centralizing logs (e.g.

in Strata Logging Service) and integrating with SOC tools for threat hunting and incident response. This reinforces that forwarding logs for investigation is a key maintenance and reporting function.