
Splunk Lantern

Palo Alto Networks

Palo Alto Networks logs are network security logs produced by next-generation firewall technology that safely enables applications, regardless of port, protocol, evasive tactic, or SSL encryption, and scans content to stop targeted threats and prevent data leakage. They provide insight into how applications are used, helping you maintain complete visibility and control and simplifying network security.

Palo Alto Networks logs provide deep visibility into network traffic, including the date and time, source and destination zones, addresses and ports, application name, the security rule applied to the flow, the rule action (allow, deny, or drop), ingress and egress interfaces, byte counts, and the session end reason. They also provide system information, host information profiles, malware analysis results, records of configuration changes, security alerts, and much more.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Palo Alto data sources

Palo Alto Networks and Splunk provide several data ingestion mechanisms, each aligned with a current, Splunk-supported add-on.

Source type                    Ingestion method             Configuration manual
-----------------------------  ---------------------------  ----------------------------------------------
PAN-OS / On-premises hardware  Syslog, UDP, TCP, SSL        Firewalls and Panorama
Cloud NGFW / Cortex Data Lake  HTTP Event Collector (HEC)   Cortex Data Lake data
Prisma Cloud                   HTTP Event Collector (HEC)   Prisma Cloud
IoT Security                   Modular input                Set up account; Set input
Cortex XDR                     Modular input                Set up account; Set input
Panorama                       Syslog, UDP, TCP, SSL        Set actionable account; Firewalls and Panorama
Strata Logging Service         HTTP Event Collector (HEC)   Forward logs to HEC
Data Security                  Modular input                Set up account; Set input
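As an added example (not code from Splunk Lantern, Palo Alto Networks, or the add-on), the Python below parses constructed, syslog-wrapped traffic records into the fields the introduction lists, wraps them in the envelope the HTTP Event Collector accepts, and totals the bytes of blocked sessions per rule. The abridged field layout, the sample records, and the sourcetype and index names are assumptions made for the example.

```python
import csv
import json
import re
from io import StringIO

# Abridged field layout constructed for this example: a real PAN-OS traffic
# record has many more positional CSV fields, in a version-dependent order,
# so take the real layout from the vendor's log format reference.
TRAFFIC_FIELDS = ["receive_time", "serial", "log_type", "src_ip", "dst_ip", "rule",
                  "app", "src_zone", "dst_zone", "in_if", "out_if", "src_port",
                  "dst_port", "action", "bytes", "session_end_reason"]
# RFC 3164-style syslog header: "<PRI>Mon dd hh:mm:ss host payload"
SYSLOG_RE = re.compile(r"^<\d+>(\w{3}\s+\d+\s[\d:]+)\s(\S+)\s(.*)$")

def parse_traffic_line(line):
    """Split one syslog-wrapped, CSV-bodied traffic record into named fields."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line")
    # csv.reader honours quoted values, which may contain commas (e.g. rule names)
    values = next(csv.reader(StringIO(m.group(3))))
    if len(values) < len(TRAFFIC_FIELDS):
        raise ValueError("truncated record")
    event = dict(zip(TRAFFIC_FIELDS, values))
    event["bytes"] = int(event["bytes"])
    event["syslog_host"] = m.group(2)
    return event

def to_hec_payload(events, sourcetype="pan:traffic", index="firewall"):
    """Newline-delimited JSON body for HEC's /services/collector/event endpoint,
    sent with an 'Authorization: Splunk <token>' header. The sourcetype and
    index names are assumptions for the example."""
    return "\n".join(json.dumps({"event": ev, "sourcetype": sourcetype, "index": index,
                                 "host": ev["syslog_host"]}) for ev in events)

def denied_bytes_by_rule(events):
    """Per-rule byte totals for blocked sessions: a quick check that deny rules fire."""
    totals = {}
    for ev in events:
        if ev["action"] in ("deny", "drop"):
            totals[ev["rule"]] = totals.get(ev["rule"], 0) + ev["bytes"]
    return totals

# Constructed sample records, not real firewall output
SAMPLE_LINES = [
    '<14>Mar 10 12:00:01 pa-fw-01 2024/03/10 12:00:01,001234567890,TRAFFIC,10.1.1.5,203.0.113.9,"Allow, web",web-browsing,trust,untrust,ethernet1/2,ethernet1/1,51234,443,allow,18240,tcp-fin',
    '<14>Mar 10 12:00:02 pa-fw-01 2024/03/10 12:00:02,001234567890,TRAFFIC,10.1.1.7,198.51.100.4,Block-P2P,bittorrent,trust,untrust,ethernet1/2,ethernet1/1,40000,6881,deny,512,policy-deny',
    '<14>Mar 10 12:00:03 pa-fw-01 2024/03/10 12:00:03,001234567890,TRAFFIC,10.1.1.7,198.51.100.5,Block-P2P,bittorrent,trust,untrust,ethernet1/2,ethernet1/1,40001,6881,drop,256,policy-deny',
]
EVENTS = [parse_traffic_line(line) for line in SAMPLE_LINES]
```

The same parsed dictionaries can be sent to a HEC input with any HTTP client by posting the payload to port 8088 of the Splunk host with the Authorization header shown in the docstring.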