Palo Alto Networks

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Palo Alto Networks is a global cybersecurity leader known for its next-generation firewall technology that provides comprehensive network security. Their solutions offer deep visibility into network traffic, applications, and threats, enabling organizations to prevent cyberattacks, enforce security policies, and protect data across cloud, network, and endpoint environments.

Getting data in

Source	Add-ons and Apps	Guidance
Palo Alto Networks Palo Alto Network logs are network security logs that come from next-generation firewall technology that enables applications – regardless of port, protocol, evasive tactic, or SSL encryption – and scans content to stop targeted threats and prevent data leakage. They provide insight into the use of applications, helping you maintain complete visibility and control simplifying network security. Palo Alto Networks logs provide deep visibility into network traffic information, including: the date and time, source and destination zones, addresses and ports, application name, security rule name applied to the flow, rule action (allow, deny, or drop), ingress and egress interface, number of bytes, and session end reason. They also provide system information, host information profiles, malware analysis, information about configuration changes, security alerts, and more.	Splunk platform Splunk Add-on for Palo Alto Networks Splunk App for Palo Alto Networks Splunk SOAR Palo Alto Networks Firewall	Splunk Lantern Articles Using ingest actions to filter Palo Alto Logs Monitoring for network traffic volume outliers Detecting the use of randomization in cyberattacks Reconstructing a website defacement Detecting network and port scanning Detecting TOR traffic Running common General Data Protection Regulation (GDPR) compliance searches Managing firewall rules Reducing PAN and Cisco security firewall logs with Splunk Edge Processor Reducing Palo Alto Networks log volume with the SPL2 template Transforming Palo Alto Networks firewall data with Data Management Pipeline Builders

Source

Add-ons and Apps

Guidance

Palo Alto Networks

Palo Alto Network logs are network security logs that come from next-generation firewall technology that enables applications – regardless of port, protocol, evasive tactic, or SSL encryption – and scans content to stop targeted threats and prevent data leakage. They provide insight into the use of applications, helping you maintain complete visibility and control simplifying network security.

Palo Alto Networks logs provide deep visibility into network traffic information, including: the date and time, source and destination zones, addresses and ports, application name, security rule name applied to the flow, rule action (allow, deny, or drop), ingress and egress interface, number of bytes, and session end reason. They also provide system information, host information profiles, malware analysis, information about configuration changes, security alerts, and more.

Splunk platform

Splunk SOAR

Palo Alto Networks Firewall

Splunk Lantern Articles

Palo Alto data sources

Palo Alto and Splunk provide various data ingestion mechanisms aligned with refreshed and Splunk-supported add-ons.

Source type	Ingestion method	Configuration manual
PAN-OS / On-premises hardware	Syslog, UDP, TCP, SSL	Firewalls and Panorama
Cloud NGFW / Cortex Data Lake	HTTP Event Collector (HEC)	Cortex Data Lake data
Prisma Cloud	HTTP Event Collector (HEC)	Prisma Cloud
IoT Security	Modular input	Set up account Set input
Cortex XDR	Modular input	Set up account Set input
Panorama	Syslog, UDP, TCP, SSL	Set actionable account Firewalls and Panorama
Strata Logging Service	HTTP Event Collector (HEC)	Forward logs to HEC
Data Security	Modular input	Set up account Set input