Palo Alto Firewall

OverviewResources

Once Palo Alto Firewall is configured to deliver events to EventTracker Manager; alerts, dashboards and reports can be configured into EventTracker.

Some of the Knowledge Packs available in EventTracker are listed below.

Security

Alerts

Palo Alto Firewall: Virus detected: This alert is generated when any virus is detected in the traffic by the Palo Alto Firewall.
Palo Alto Firewall: Vulnerability detected: This alert is generated when any vulnerability is detected in the traffic by the Palo Alto Firewall.

Reports

Palo Alto Firewall- Threat details: This report provides information related to threat detection which includes threat id, protocol type, action taken, source address, source port, source location, destination address, destination port and destination location.

Operations

Alerts

Palo Alto Firewall: Configuration success and failure: This alert is generated when any configuration success or failure is done in the Palo Alto Firewall.
Palo Alto Firewall: VPN configuration changes: This alert is generated when any vpn configuration changes is done in the Palo Alto Firewall.

Reports

Palo Alto Firewall- Traffic details: This report provides information related to traffic flow which includes session id, source address, source port, source location, destination address, destination port, destination location, protocol type, total bytes, bytes sent, bytes received, total packets, packets sent and packets received.
Palo Alto Firewall- Configuration success or failure: This provides information related to changes that happens in configuration of Palo Alto firewall which includes user, source IP, console type, and configuration path.
Palo Alto Firewall- VPN configuration changes: This report provides information related to vpn configuration changes that is done in Palo Alto firewall which includes user, source IP, console type, and configuration path.

Compliance

Alerts

Palo Alto Firewall: Logon failure: This alert is generated when any logon failure is attempted in the Palo Alto Firewall.
Palo Alto Firewall: VPN login failures: This alert is generated when any vpn login failure is attempted in the Palo Alto Firewall.

Reports

Palo Alto Firewall- Logon failure: This report provides information related to user logon failure in Palo Alto firewall which includes source IP, user and reason.
Palo Alto Firewall- Logon success: This report provides information related to user login success in Palo Alto firewall which includes source IP and user.
Palo Alto Firewall- VPN login and logout activity: This report provides information related to VPN user login and logout activity which include user name, source IP, status and reason.
Palo Alto Firewall- VPN login failures: This report provides information related to vpn logon failure in Palo Alto firewall which includes source IP, user and reason.

Scope

The configuration details in this guide are consistent with EventTracker Enterprise version 8.x and later, and Palo Alto Appliance, PanOS version (2.0-8.1).

Documentation:

For more information please refer to the Integration guide

To configure Palo Alto Firewall to send logs to EventTracker, refer to the How-to Guide.