Palo Alto Networks

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Palo Alto Network logs are network security logs that come from next-generation firewall technology that enables applications – regardless of port, protocol, evasive tactic, or SSL encryption – and scans content to stop targeted threats and prevent data leakage. They provide insight into the use of applications, helping you maintain complete visibility and control simplifying network security.

Palo Alto Networks logs provide deep visibility into network traffic information, including: the date and time, source and destination zones, addresses and ports, application name, security rule name applied to the flow, rule action (allow, deny, or drop), ingress and egress interface, number of bytes, and session end reason. They also provide system information, host information profiles, malware analysis, information about configuration changes, security alerts, and much more.

Getting data in

Source	Add-ons and Apps	Guidance
Palo Alto Networks	Splunk platform Palo Alto Networks Add-on for Splunk Palo Alto Networks App for Splunk Splunk SOAR Palo Alto Networks Firewall	Use Cases Monitoring for network traffic volume outliers Detecting the use of randomization in cyberattacks Reconstructing a website defacement Detecting network and port scanning Detecting TOR traffic Running common General Data Protection Regulation (GDPR) compliance searches Managing firewall rules

Source

Add-ons and Apps

Guidance

Palo Alto Networks

Splunk platform

Splunk SOAR

Palo Alto Networks Firewall

Use Cases