Palo Alto Traps

Version: Palo Alto Traps

Palo Alto Traps advanced endpoint protection stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyberattacks. Traps stands apart in its ability to protect endpoints. It blocks security breaches and successful ransomware attacks that leverage malware and exploits, known or unknown, before they can compromise endpoints.

Netsurion Open XDR is an enterprise-class platform that seamlessly combines SIEM, log management, threat detection and so forth.

Netsurion Data Source Integration for Palo Alto Traps allows you to monitor the following components:

  • Security – Threat detection.
  • Operations – Agent activity and system activity.
  • Compliance – User logons, policy changes and ESM configuration changes.

Once Palo Alto Traps is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Traps – Threats detected | This alert is generated when any threat is detected. |
| Operations | Palo Alto Traps – Critical agent activity | This alert is generated when any critical agent activity occurs. |
| Operations | Palo Alto Traps – Critical license usage | This alert is generated when any critical license is used. |
| Compliance | Palo Alto Traps – User logins | This alert is generated when any user logon occurs. |
| Compliance | Palo Alto Traps – Policy changed | This alert is generated when any policy is changed. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Traps – Threats detected | This report gives information about all the threats that are detected by Palo Alto Traps. |
| Operations | Palo Alto Traps – Agent status | This report gives information about agent status, such as client license invalid, client license request, enabled protection and so on. |
| Operations | Palo Alto Traps – Agent activities | This report gives information about all the agent activities, such as agent content update, agent policy change and so on. |
| Operations | Palo Alto Traps – ESM system activities | This report gives information about all the system activities, such as archived preventions, archived preventions failure, file upload failure and so on. |
| Compliance | Palo Alto Traps – ESM user logon activities | This report gives information about all the user logon activities. |
| Compliance | Palo Alto Traps – ESM configuration changes | This report gives information about all the ESM configuration changes that are made. |
| Compliance | Palo Alto Traps – ESM policy changes | This report gives information about all the ESM policy changes that are made. |

Documentation

The configurations detailed are consistent with Netsurion Open XDR 8.x and later, and Palo Alto Traps.

Download Integration Guide for configuration instructions and more information.