Palo Alto Firewall Integration

Palo Alto Firewall

Version: Palo Alto Appliance, PanOS version 2.0-8.1.

Palo Alto next-generation security hardware and virtual appliances allows you to secure your virtualized and cloud-based computing environments. It uses for networking, security, threat prevention, and management to deliver predictable performance.

Netsurion's Open XDR platform seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine Analytics and so forth.

Netsurion Data Source Integration for Palo Alto Firewall allows you to monitor the following components:-

Security - Firewall threat details.
Operation - Firewall traffic details and console/vpn configuration changes.
Compliance - Firewall logon success and failure, vpn login/logout and logon failures.

Once Palo Alto is configured to deliver events to Netsurion's Open XDR platform; alerts, dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type	Name	Description
Security	Palo Alto Firewall - Virus detected	This alert is generated when any virus is detected in the traffic by the Palo Alto Firewall.
Security	Palo Alto Firewall - Vulnerability detected	This alert is generated when any vulnerability is detected in the traffic by the Palo Alto Firewall.
Operations	Palo Alto Firewall - Configuration success and failure	This alert is generated when any configuration success or failure is done in the Palo Alto Firewall.
Operations	Palo Alto Firewall - VPN configuration changes	This alert is generated when any vpn configuration changes is done in the Palo Alto Firewall.
Compliance	Palo Alto Firewall - Logon failure	This alert is generated when any logon failure is attempted in the Palo Alto Firewall.
Compliance	Palo Alto Firewall - VPN login failures	This alert is generated when any vpn login failure is attempted in the Palo Alto Firewall.

Reports

Type	Name	Description
Security	Palo Alto Firewall - Threat details	This report provides information related to threat detection which includes threat id, protocol type, action taken, source address, source port, source location, destination address, destination port and destination location.
Operations	Palo Alto Firewall - Traffic details	This report provides information related to traffic flow which includes session id, source address, source port, source location, destination address, destination port, destination location, protocol type, total bytes, bytes sent, bytes received, total packets, packets sent and packets received.
Operations	Palo Alto Firewall - Configuration success or failure	This provides information related to changes that happens in configuration of Palo Alto firewall which includes user, source IP, console type, and configuration path.
Operations	Palo Alto Firewall - VPN configuration changes	This report provides information related to vpn configuration changes that is done in Palo Alto firewall which includes user, source IP, console type, and configuration path.
Compliance	Palo Alto Firewall- Logon failure	This report provides information related to user logon failure in Palo Alto firewall which includes source IP, user and reason.
Compliance	Palo Alto Firewall- Logon success	This report provides information related to user login success in Palo Alto firewall which includes source IP and user.
Compliance	Palo Alto Firewall- VPN login and logout activity	This report provides information related to VPN user login and logout activity which include user name, source IP, status and reason.
Compliance	Palo Alto Firewall- VPN login failures	This report provides information related to vpn logon failure in Palo Alto firewall which includes source IP, user and reason.

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 8.x or later, and Palo Alto Appliance, PanOS version 2.0 - 8.1.

Download Integration Guide and How-to Guide for more information and to configuration instructions.