Palo Alto Firewall
Version: Palo Alto Appliance, PanOS version 2.0-8.1.
Palo Alto Networks, the next-generation firewalls provide a flexible networking architecture that includes support for dynamic routing, switching, and VPN connectivity, enabling you to deploy the firewall into nearly any networking environment. When configuring the Ethernet ports on your firewall, you can choose from virtual wire, Layer 2, or Layer 3 interface deployments. In addition, to allow you to integrate into a variety of network segments, you can configure different types of interfaces on different ports.
Netsurion Open XDR seamlessly integrates SIEM, Log Management, File Integrity Monitoring, and machine analytics. Netsurion Open XDR enables monitoring events obtained from the Palo Alto Firewall. The alerts, reports, dashboards, and categories in the Netsurion Open XDR benefit in capturing essential and critical activities in the Palo Alto Firewall.
The following are the key Data Source Integrations available in the Netsurion Open XDR platform.
Alerts
| Type | Name | Description |
|---|---|---|
| Operational | Palo Alto Firewall – Configuration success and failure | This alert is generated whenever any configuration succeeds or fails in the Palo Alto Firewall. |
| Operational | Palo Alto Firewall – VPN configuration changes | This alert is generated whenever any VPN configuration is modified in the Palo Alto Firewall. |
| Compliance | Palo Alto Firewall – Logon failure | This alert is generated whenever any logon failure occurs in the Palo Alto Firewall. |
| Compliance | Palo Alto Firewall – VPN login failures | This alert is generated whenever any VPN login failure occurs in the Palo Alto Firewall. |
| Compliance | Palo Alto Firewall – User login success outside US | This alert is generated when any logon failure has occurred outside the US region. |
| Security | Palo Alto Firewall – Virus detected | This alert is generated whenever Palo Alto Firewall detects any virus in the traffic. |
| Security | Palo Alto Firewall – Vulnerability detected | This alert is generated whenever Palo Alto Firewall detects any vulnerability in the traffic. |
Reports
| Type | Name | Description |
|---|---|---|
| Operational | Palo Alto Firewall – Traffic details | This report provides information related to the traffic flow. It includes session id, source address, source port, source location, destination address, destination port, destination location, protocol type, total bytes, bytes sent, bytes received, total packets, packets sent, and packets received. |
| Operational | Palo Alto Firewall – Configuration success and failure | This report provides information related to any modifications in the Palo Alto firewall configuration. It includes user, source IP, console type, and configuration path. |
| Operational | Palo Alto Firewall – VPN configuration changes | This report provides information related to any modifications in Palo Alto firewall’s VPN configuration. It includes user, source IP, console type, and configuration path. |
| Operational | Palo Alto Firewall – VPN activities | This report provides information related to all VPN activities of Palo Alto firewall. |
| Compliance | Palo Alto Firewall – Logon failure | This report provides information related to the user logon failures in the Palo Alto firewall. It includes source IP, user, and reason. |
| Compliance | Palo Alto Firewall – Logon success | This report provides information related to the successful user login in Palo Alto firewall. It includes source IP and user. |
| Compliance | Palo Alto Firewall – VPN login failures | This report provides information related to VPN logon failure in Palo Alto firewall. It includes source IP, user, and reason. |
| Compliance | Palo Alto Firewall – VPN login and logout activity | This report provides information specific to all VPN login and logout activity of Palo Alto firewall. |
| Security | Palo Alto Firewall – Threat details | This report provides information related to the threat detection. It includes threat id, protocol type, action taken, source address, source port, source location, destination address, destination port, and destination location. |
Dashboard
| Type | Name | Description |
|---|---|---|
| Operational | Palo Alto Firewall – Traffic by Source IP address | This dashlet displays data of the Traffic by source IP address. |
| Operational | Palo Alto Firewall – Traffic by Destination IP address | This dashlet displays the data of the Traffic by destination IP address. |
| Operational | Palo Alto Firewall – Traffic by Source IP Geo-Location | This dashlet displays data of the Traffic by source IP location. |
| Operational | Palo Alto Firewall – Traffic by Destination IP Geo-Location | This dashlet displays the data of the Traffic by destination IP location. |
| Compliance | Palo Alto Firewall – Login Activities by User | This dashlet displays the data of the Login Activities by username. |
| Compliance | Palo Alto Firewall – Login by Source IP Geo-location | This dashlet displays the data of the Logins by source IP location. |
| Compliance | Palo Alto Firewall – Login Failed by Source IP | This dashlet displays the data of the Login Failures by source IP. |
| Compliance | Palo Alto Firewall – Login Failed by Geo-Location | This dashlet displays the data of the Login Failures by source IP location. |
| Compliance | Palo Alto Firewall – Login Failed by User | This dashlet displays data about login failure by user. |
| Security | Palo Alto Firewall – Intrusion Detection by Destination IP Geo-Location | This dashlet displays data of the Intrusion Detection by destination IP location. |
| Security | Palo Alto Firewall – Intrusion Detection by Destination IP | This dashlet displays the data of the Intrusion Detection by destination IP. |
| Security | Palo Alto Firewall – Intrusion Detection by Source IP | This dashlet displays the data of the Intrusion Detection by source IP. |
| Security | Palo Alto Firewall – Intrusion Detection by Threat Name and Action | This dashlet displays the data of the Intrusion Detection by threat name and action. |
| Security | Palo Alto Firewall – Intrusion Detection by Source IP Geo-Location | This dashlet displays the data of the Intrusion Detection by source IP location. |
Saved Search
| Type | Name | Description |
|---|---|---|
| Operational | Palo Alto Firewall – Allowed traffic | This saved search provides detailed information of the allowed traffics into the organization via firewall. |
| Operational | Palo Alto Firewall – Configuration success and failure | This saved search provides the information about all the configurational changes (success or failure) that happened in firewall console. |
| Operational | Palo Alto Firewall – Denied traffic | This saved search provides detailed information of the denied traffics. |
| Operational | Palo Alto Firewall – VPN activities | This saved search provides detailed information about all the firewall VPN activities. |
| Operational | Palo Alto Firewall – VPN configuration changes | This saved search provides the information about all the VPN configurational changes. |
| Compliance | Palo Alto Firewall – Logon failures | This saved search provides detailed information of the failed logins to the firewall console. |
| Compliance | Palo Alto Firewall – Logon success | This saved search provides detailed information of the successful logins to the firewall console. |
| Compliance | Palo Alto Firewall – URL filtering | This saved search provides information about the URL details filtered by the firewall. |
| Compliance | Palo Alto Firewall – VPN login and logout activity | This saved search provides the information about the VPN login and logout activities. |
| Compliance | Palo Alto Firewall – VPN login failures | This saved search provides the information about the VPN login failures. |
| Security | Palo Alto Firewall – Vulnerability detected | This saved search provides the information of any vulnerability detected by the firewall. |
| Security | Palo Alto Firewall – Virus detected | This saved search provides information about the Virus details detected by the firewall. |
Documentation
The configuration details are consistent with the Netsurion Open XDR 9.3 and later, and Palo Alto Firewall.
Download the Integration Guide for configuration instructions and more information.