Palo Alto Firewall

Version: Palo Alto Appliance, PanOS version 2.0-8.1.

Palo Alto next-generation security hardware and virtual appliances allow you to secure your virtualized and cloud-based computing environments. It uses for networking, security, threat prevention, and management to deliver predictable performance.

Netsurion's Open XDR platform seamlessly combines SIEM, log management, file integrity monitoring, machine analytics, and so forth.

Netsurion Data Source Integration for Palo Alto Firewall allows you to monitor the following components:

  • Security - Firewall threat details.
  • Operation - Firewall traffic details and console/VPN configuration changes.
  • Compliance - Firewall logon success and failure, VPN login/logout and logon failures.

Once Palo Alto is configured to deliver events to Netsurion's Open XDR platform, alerts, dashboards and reports can be configured in the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Firewall - Virus detected | This alert is generated when any virus is detected in the traffic by the Palo Alto Firewall. |
| Security | Palo Alto Firewall - Vulnerability detected | This alert is generated when any vulnerability is detected in the traffic by the Palo Alto Firewall. |
| Operations | Palo Alto Firewall - Configuration success and failure | This alert is generated when any configuration success or failure occurs in the Palo Alto Firewall. |
| Operations | Palo Alto Firewall - VPN configuration changes | This alert is generated when any VPN configuration change is made in the Palo Alto Firewall. |
| Compliance | Palo Alto Firewall - Logon failure | This alert is generated when any logon failure occurs in the Palo Alto Firewall. |
| Compliance | Palo Alto Firewall - VPN login failures | This alert is generated when any VPN login failure occurs in the Palo Alto Firewall. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Firewall - Threat details | This report provides information related to threat detection, which includes threat ID, protocol type, action taken, source address, source port, source location, destination address, destination port and destination location. |
| Operations | Palo Alto Firewall - Traffic details | This report provides information related to traffic flow, which includes session ID, source address, source port, source location, destination address, destination port, destination location, protocol type, total bytes, bytes sent, bytes received, total packets, packets sent and packets received. |
| Operations | Palo Alto Firewall - Configuration success or failure | This report provides information related to changes that happen in the configuration of the Palo Alto firewall, which includes user, source IP, console type, and configuration path. |
| Operations | Palo Alto Firewall - VPN configuration changes | This report provides information related to VPN configuration changes that are made in the Palo Alto firewall, which includes user, source IP, console type, and configuration path. |
| Compliance | Palo Alto Firewall - Logon failure | This report provides information related to user logon failure in the Palo Alto firewall, which includes source IP, user and reason. |
| Compliance | Palo Alto Firewall - Logon success | This report provides information related to user login success in the Palo Alto firewall, which includes source IP and user. |
| Compliance | Palo Alto Firewall - VPN login and logout activity | This report provides information related to VPN user login and logout activity, which includes user name, source IP, status and reason. |
| Compliance | Palo Alto Firewall - VPN login failures | This report provides information related to VPN logon failure in the Palo Alto firewall, which includes source IP, user and reason. |

Documentation

The configuration details are consistent with Netsurion's Open XDR platform version 8.x or later, and Palo Alto Appliance, PanOS version 2.0 - 8.1.

Download the Integration Guide and How-to Guide for more information and configuration instructions.