Configuring Palo Alto Network Firewall

Adding a Normalization Policy for Palo Alto Network Firewall

  1. Go to Settings >> Configuration from the navigation bar and click Normalization Policies.

  2. Click Add.

  3. Enter a Policy Name.

  4. Select the Compiled Normalizers for Palo Alto Network Firewall.

  5. Click Submit.


Adding a Normalization Policy

Adding the Palo Alto Network Firewall as a device

  1. Go to Settings >> Configuration from the navigation bar and click Devices.

  2. At the top left, click Add.


Creating Palo Alto Firewall as a Device

  3. Enter a device Name.

  4. Enter the IP address(es) of the Palo Alto Network Firewall.

  5. Select the Device Groups.

  6. Select an appropriate Log Collection Policy for the logs.

  7. Select a collector/forwarder from the Distributed Collector.

Note

It is optional to select the Device Groups, the Log Collection Policy, and the Distributed Collector.

  8. Select Time Zone.

Note

The timezone of the device should be the same as its log source.

  9. Configure the Risk Values for Confidentiality, Integrity, and Availability. These values are used to calculate the risk levels of the alerts generated from the device.

  10. Click Submit.
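The Time Zone note above matters because a mismatch shifts every event time used for correlation. The following is an added example, not part of the original guide or the product's code: it assumes the firewall writes zone-less timestamps in the form YYYY/MM/DD HH:MM:SS and that the collector interprets them in the device's configured Time Zone; the function names and sample values are constructed for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Assumed layout of a timestamp that carries no UTC offset.
TS_FORMAT = "%Y/%m/%d %H:%M:%S"


def to_utc(raw_ts, tz_name):
    """Interpret a zone-less timestamp in tz_name and convert it to UTC."""
    local = datetime.strptime(raw_ts, TS_FORMAT).replace(tzinfo=ZoneInfo(tz_name))
    return local.astimezone(timezone.utc)


def skew_seconds(raw_ts, source_tz, configured_tz):
    """Seconds by which the stored event time differs from the real one.

    source_tz is the zone the log source actually runs in; configured_tz
    is the Time Zone selected for the device. Zero means they agree.
    """
    stored = to_utc(raw_ts, configured_tz)
    actual = to_utc(raw_ts, source_tz)
    return int((stored - actual).total_seconds())


def audit(timestamps, source_tz, configured_tz):
    """Return (timestamp, skew) pairs for a batch of sample timestamps."""
    return [(ts, skew_seconds(ts, source_tz, configured_tz)) for ts in timestamps]


# Constructed sample timestamps: one in winter, one in summer (DST in effect).
SAMPLE = ["2024/01/15 09:00:00", "2024/07/15 09:00:00"]

if __name__ == "__main__":
    # Source runs in New York time, device entry was left on UTC.
    for ts, skew in audit(SAMPLE, "America/New_York", "UTC"):
        print(f"{ts}: stored time is off by {skew / 3600:+.0f} h")
```

The skew is not constant: it changes with daylight saving time, so a fixed offset applied later in searches or alert rules does not fully compensate for a wrong Time Zone setting.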

Configuring the Syslog Collector for Palo Alto Network Firewall

  1. Go to Settings >> Configuration from the navigation bar and click Devices.

  2. Search for the previously added device.

  3. Click the Add icon from Actions.

  4. Click Syslog Collector on AVAILABLE COLLECTORS FETCHERS.


Available Collectors Fetchers Panel

  5. Select Syslog Parser as Parser.

  6. Select a Processing Policy that uses the previously created normalization policy.

  7. Select the Charset.

  8. In Proxy Server, select None.

  9. Click Submit.


Configuring Syslog Collector

