fbpx
Back Arrow Back to All Integrations

Palo Alto Networks Panorama

Palo Alto Networks Panorama

Cloud SIEM for Palo Alto Panorama

 

Click here for the most updated version of this documentation.

 

Palo Alto Panorama offers easy-to-implement and centralized management features to gain insight into network-wide traffic and threats, and administer your firewalls everywhere.

 

Panorama enables you to forward logs to external servers, including syslog, email and SNMP trap servers. By forwarding logs to Blumira’s platform, you can reduce firewall load and provide a reliable approach to log forwarding.

 

With this configuration, Blumira will be able to provide log aggregation, threat detection and actionable response for network segments protected by Palo Alto Panorama.

 

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.

 

Free Trial

Integrating with Palo Alto Networks Panorama

Create Server Profile

  1. Navigate to Panorama > Server Profiles.
  2. Select Syslog.
  3. Configure the server profile, including:
    • the IP address of the Blumira sensor you will use to collect log data
    • port number 514

Configure Destinations

  1. Select Panorama > Log Settings.
  2. For System, Correlation, and Threat logs, click each Severity level, select the Syslog server profile you just created for Blumira, and click OK.
  3. For WildFire logs, click each Verdict, select Syslog server profile for Blumira you just created, and click OK.

Configure destinations for firewall logs that an M-Series appliance in Panorama or Log Collector mode collects (M-Series appliance only)

  1. Select Panorama > Collector Groups and select the Collector Group that receives the firewall logs.
  2. Select the Collector Log Forwarding tab.
  3. For each log Severity level in the System, Threat, and Correlation tabs, click a cell in the Syslog Profile column, and select the server profile you just created.
  4. In the Config, HIP Match, and Traffic tabs, select the Syslog server profile you just created.
  5. For each Verdict in the WildFire tab, click a cell in the Syslog Profile column, and select the server profile you just created.
  6. Click OK to save your changes to the Collector Group.

Commit Changes

  1. Click Commit, set the Commit Type to Panorama, and click Commit again.
  2. Click Commit, set the Commit Type to Device Group, select all the device groups of the firewalls from which Panorama collects logs, Include Device and Network Templates, and click Commit again.
  3. Click Commit, set the Commit Type to Collector Group, select the Collector Group you just configured to forward logs, and click Commit again. (M-Series appliance only)