Palo Alto Panorama offers easy-to-implement and centralized management features to gain insight into network-wide traffic and threats, and administer your firewalls everywhere.
Panorama enables you to forward logs to external servers, including syslog, email and SNMP trap servers. By forwarding logs to Blumira’s platform, you can reduce firewall load and provide a reliable approach to log forwarding.
With this configuration, Blumira will be able to provide log aggregation, threat detection and actionable response for network segments protected by Palo Alto Panorama.
Palo Alto Panorama Log Setup for Log Forwarding to Blumira
Create Server Profile
Select Panorama > Server Profiles > Syslog.
Add a new server profile and configure it with the syslog destination details for Blumira.
Select Panorama > Log Settings.
For System, Correlation, and Threat logs, click each Severity level, select the Syslog server profile you just created for Blumira, and click OK.
For WildFire logs, click each Verdict, select the Syslog server profile you just created for Blumira, and click OK.
Configure destinations for firewall logs that an M-Series appliance in Panorama or Log Collector mode collects (M-Series appliance only)
Select Panorama > Collector Groups and select the Collector Group that receives the firewall logs.
Select the Collector Log Forwarding tab.
For each log Severity level in the System, Threat, and Correlation tabs, click a cell in the Syslog Profile column, and select the server profile you just created.
In the Config, HIP Match, and Traffic tabs, select the Syslog server profile you just created.
For each Verdict in the WildFire tab, click a cell in the Syslog Profile column, and select the server profile you just created.
Click OK to save your changes to the Collector Group.
Click Commit, set the Commit Type to Panorama, and click Commit again.
Click Commit, set the Commit Type to Device Group, select all the device groups of the firewalls from which Panorama collects logs, select Include Device and Network Templates, and click Commit again.
Click Commit, set the Commit Type to Collector Group, select the Collector Group you just configured to forward logs, and click Commit again. (M-Series appliance only)
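After the commits, it is worth confirming that every log type you selected above (System, Correlation, Threat, WildFire, Config, HIP Match, Traffic) actually leaves Panorama before relying on the Blumira detections. The script below is an added example, not Blumira's or Palo Alto's code: it parses syslog lines, pulls the PAN-OS log type out of each message, and reports which expected types never arrived. It assumes BSD/RFC 3164 syslog framing and the PAN-OS CSV body layout in which the log type is the fourth comma-separated field; the type strings in EXPECTED_TYPES are assumed PAN-OS values, so check both against the syslog field reference for your PAN-OS version. The sample lines are constructed for illustration. The listen_udp helper and its port are hypothetical and only there for a live check against a test listener.

```python
"""Check that the log types configured for forwarding actually arrive.

Added example (not Blumira's or Palo Alto's code). Assumptions, labelled:
- Panorama sends BSD/RFC 3164 syslog ("<PRI>Mon dd hh:mm:ss host body").
- The body is the PAN-OS CSV layout, where the log type (TRAFFIC, THREAT,
  SYSTEM, ...) is the fourth comma-separated field; confirm this against the
  syslog field descriptions for your PAN-OS version.
"""
import re
import socket
from collections import Counter

# Log types the Panorama log settings above are meant to forward.
# The type strings are assumed PAN-OS values; adjust if your version differs.
EXPECTED_TYPES = {"SYSTEM", "CORRELATION", "THREAT", "WILDFIRE",
                  "CONFIG", "HIPMATCH", "TRAFFIC"}

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                     # priority
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"  # timestamp
    r"(?P<host>\S+)\s+"                                        # sending host
    r"(?P<body>.+)$"                                           # PAN-OS CSV body
)


def parse_line(line):
    """Return {'host', 'facility', 'severity', 'log_type'} or None if unparsable."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.group("body").split(",")
    if len(fields) < 4:
        return None
    pri = int(m.group("pri"))
    return {
        "host": m.group("host"),
        "facility": pri // 8,
        "severity": pri % 8,
        "log_type": fields[3].strip().upper(),
    }


def summarize(lines, expected=EXPECTED_TYPES):
    """Count log types seen and report which expected types never arrived."""
    seen = Counter()
    bad = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            bad += 1
            continue
        seen[rec["log_type"]] += 1
    missing = sorted(set(expected) - set(seen))
    return {"seen": dict(seen), "missing": missing, "unparsable": bad}


def listen_udp(port=5514, max_lines=200, timeout=30.0):
    """Collect up to max_lines syslog datagrams on a local UDP port (hypothetical
    live check: point a test Syslog server profile at this host/port)."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("0.0.0.0", port))
        try:
            while len(lines) < max_lines:
                data, _ = s.recvfrom(65535)
                lines.append(data.decode("utf-8", errors="replace"))
        except socket.timeout:
            pass
    return lines


# Constructed sample messages (not real Panorama output): four log types arrive,
# one line is garbage, and Correlation/WildFire/HIP Match never show up.
SAMPLE_LINES = [
    "<14>Jan  5 10:00:01 panorama-01 1,2024/01/05 10:00:01,000000000001,SYSTEM,general,...",
    "<12>Jan  5 10:00:02 panorama-01 1,2024/01/05 10:00:02,000000000002,THREAT,vulnerability,...",
    "<14>Jan  5 10:00:03 panorama-01 1,2024/01/05 10:00:03,000000000002,TRAFFIC,end,...",
    "<14>Jan  5 10:00:04 panorama-01 1,2024/01/05 10:00:04,000000000001,CONFIG,0,...",
    "not a syslog line at all",
]

if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)  # swap in listen_udp() for a live check
    print("seen:", result["seen"])
    print("missing:", result["missing"])
    print("unparsable:", result["unparsable"])
```

A non-empty "missing" list after a commit usually means a Severity or Verdict cell was left without the Blumira profile, or the Collector Group commit was skipped on an M-Series deployment; an "unparsable" count above zero points at a format mismatch (for example a different syslog format on the server profile) rather than a forwarding gap.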