Palo Alto Network Firewall

Palo Alto Network Firewall enables you to monitor and identify threats in your organization using Palo Alto Network Firewall data. It includes the Syslog Collector-based PaloAlto log source template, which ensures consistent collection, processing and analysis of Palo Alto Network Firewall logs for precise security event analysis and reporting.

Logpoint aggregates and normalizes logs from every Palo Alto Networks Firewall device so you can analyze the information through dashboards and security reports. Palo Alto Network Firewall dashboards visualize events such as traffic, threat, user, content, system and firewall configurations.

Logpoint triggers security alerts based on predefined alert rules when it identifies Palo Alto Network Firewall events. The automated alerts enable you to detect possible issues early and take corrective action. You can further customize the data and searches to perform in-depth analysis.

You can configure Palo Alto Network Firewall from Log Source Template or Devices. We recommend using the log source template.

Supported Devices/Sources

  • CEF logs of all versions of PAN-OS

  • CSV logs of PAN-OS 6.1, 7.1, 8.0, 8.1, 9.0, 9.1, 10.0

  • Palo Alto Next-Generation Firewalls

  • Palo Alto Networks Panorama
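The CEF logs listed above reach Logpoint through the Syslog Collector and are then normalized into key/value fields. The following is an added example, not Logpoint's PaloAltoCEFCompiledNormalizer and not Palo Alto Networks code, showing what that normalization step has to handle for the CEF layout (`CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`): splitting the header on unescaped `|`, splitting the extension into `key=value` pairs whose values may contain spaces, undoing the `\|`, `\=`, `\\`, `\n` and `\r` escapes, and resolving the `csNLabel`/`csN` custom-field convention. The sample syslog lines, IP addresses, rule names and field values are constructed for illustration; real PAN-OS output may use different extension keys.

```python
"""Parse CEF-formatted syslog lines into flat normalized dicts.

Added example; not Logpoint's or Palo Alto Networks' code. Follows the
generic CEF layout and escape rules. All sample lines are constructed.
"""
import re
from typing import Dict, List, Tuple

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# An extension key sits at the start of the string or right after whitespace
# and is immediately followed by '='.  A literal '=' inside a value must be
# escaped as '\=' so it never matches here.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-\[\]]+)=")
_ESCAPE_RE = re.compile(r"\\(.)", re.DOTALL)
_ESCAPE_MAP = {"n": "\n", "r": "\r"}

# Constructed sample lines (syslog prefix, addresses and rule names are made up).
SAMPLE_LINES = [
    "<14>Jan 10 12:00:00 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.0.0|end|TRAFFIC|1|"
    "rt=Jan 10 2024 12:00:00 GMT src=10.1.1.5 dst=203.0.113.20 spt=51234 dpt=443 "
    "proto=tcp act=allow cs1Label=Rule cs1=allow-web out=1024 in=4096",
    "<14>Jan 10 12:00:01 fw01 CEF:0|Palo Alto Networks|PAN-OS|10.0.0|url|URL\\|Filtering|5|"
    "rt=Jan 10 2024 12:00:01 GMT src=10.1.1.7 dst=198.51.100.9 act=block-url "
    "request=http://example.test/p?a\\=1 msg=blocked by policy",
]


def _split_header(cef: str) -> Tuple[List[str], str]:
    """Split the seven '|'-separated header fields, honouring '\\|' escapes,
    and return them with the raw (still escaped) extension string."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(cef) and len(fields) < len(HEADER_FIELDS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):   # escaped character: keep it literally
            cur.append(cef[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, cef[i:]


def _unescape(value: str) -> str:
    """Undo extension-value escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n', '\\r'."""
    return _ESCAPE_RE.sub(lambda m: _ESCAPE_MAP.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'key=value key=value' pairs; a value runs until the next key."""
    matches = list(_KEY_RE.finditer(ext))
    pairs: Dict[str, str] = {}
    for idx, m in enumerate(matches):
        start = m.end()
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        pairs[m.group(1)] = _unescape(ext[start:end].strip())
    return pairs


def _resolve_labels(ext: Dict[str, str]) -> Dict[str, str]:
    """Apply the CEF custom-field convention: 'cs1Label=Rule cs1=allow-web'
    becomes {'Rule': 'allow-web'}; keys without a label are kept as-is."""
    out: Dict[str, str] = {}
    for key, value in ext.items():
        if key.endswith("Label"):
            continue
        label = ext.get(key + "Label")
        out[label if label else key] = value
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one syslog line carrying a CEF message into a normalized record."""
    start = line.find("CEF:")
    if start == -1:
        raise ValueError("no CEF marker in line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    record: Dict[str, object] = dict(zip(HEADER_FIELDS, fields))
    # CEF severity is 0-10 or a word such as 'High'; keep numbers as ints.
    record["severity"] = int(fields[6]) if fields[6].isdigit() else fields[6]
    record["extension"] = _resolve_labels(_parse_extension(ext))
    return record


def parse_lines(lines: List[str]) -> List[Dict[str, object]]:
    return [parse_cef(line) for line in lines]


if __name__ == "__main__":
    for rec in parse_lines(SAMPLE_LINES):
        print(rec["name"], rec["severity"], rec["extension"])
```

The header is split with a character walk rather than a regex so that `\\|` (an escaped backslash followed by a real separator) is handled correctly; a lookbehind-based split would mis-read it. Unescaping is deliberately deferred until after the extension has been split, because a `\=` that is unescaped too early would be mistaken for a key boundary.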

Palo Alto Network Firewall Components

  1. Dashboard Packages
    • LP_PaloAlto: User Activities

    • LP_PaloAlto: File Activities

    • LP_PaloAlto: Firewall

    • LP_PaloAlto: Config Overview

    • LP_PaloAlto: General

    • LP_PaloAlto: Content Overview

    • LP_PaloAlto: Threats

    • LP_PaloAlto: Traffic

    • LP_PaloAlto: System Overview

  2. Report Packages
    • LP_PaloAlto: Firewall

    • LP_PaloAlto: Config Overview

    • LP_PaloAlto: General

    • LP_PaloAlto: Content Overview

    • LP_PaloAlto: Threats

    • LP_PaloAlto: Traffic

    • LP_PaloAlto: System Overview

  3. Label Package
    • LP_PaloAltoNetworkFirewall

  4. Compiled Normalizers
    • PaloAltoCEFCompiledNormalizer

    • PaloAltoNetworkFirewallCompiledNormalizer

  5. Normalization Packages
    • LP_PaloAlto Cortex Data Lake

    • LP_Palo Alto Global Protect

  6. Alert Packages
    • LP_PaloAlto Potential Risk Activity

    • LP_PaloAlto HTTP Request Block

    • LP_PaloAlto Bypass Content Filter

    • LP_PaloAlto Brute Force Attempts

    • LP_PaloAlto Session Drop

    • LP_PaloAlto Illegal Content Download

    • LP_PaloAlto Cortex Risk Events Unrestricted

    • LP_PaloAlto Multiple Failed Login

    • LP_PaloAlto Cortex Risk Events Terminated

    • LP_PaloAlto Brute Force on Block Override

    • LP_PaloAlto Potential C2 Connection

    • LP_PaloAlto Log Deletion

    • LP_PaloAlto Flooding Packet Drop

    • LP_PaloAlto Risk Events Allowed

    • LP_PaloAlto DNS SinkHole Activate
