
Palo Alto Next-Gen Firewall

Cloud SIEM for Palo Alto Next-Gen Firewalls




Blumira’s modern cloud SIEM platform integrates with Palo Alto Next-Gen Firewalls to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.


When configured, the Blumira integration with Palo Alto Next-Gen Firewalls will stream security event logs to the Blumira service for automated threat detection and actionable response.


When Blumira’s dynamic blocklist capabilities are configured with the Palo Alto Firewalls, Blumira can automatically block known threats, add new block rules when threats are detected, and block based on new threats detected across Blumira’s community of customers, all through automation without requiring any human interaction.


Get visibility, detect and respond to threats faster:


  • Quickly detect known and suspected threats with Blumira’s cloud-based platform
  • Reduce the noise of false-positive alerts with backend automation and fine-tuned alerting
  • Detect lateral movement across your environment with virtual honeypots
  • Block active threats immediately with automated remediation
  • Get guided and actionable remediation playbooks for teams without security expertise
  • View easy-to-understand dashboards and security threat reports to help organizations meet compliance requirements



Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.



Integrating with Palo Alto Next-Generation Firewall

Before you begin

Determine the Blumira sensor you will use as a syslog server to collect log data. On the sensor detail screen, under Host Details, copy the IP address of your Blumira sensor to use when configuring Palo Alto.

Configuring Log Forwarding for Palo Alto Networks Next-Gen Firewall

You must first configure log forwarding in Palo Alto to allow Blumira to collect the logs. See directions on how to configure log forwarding in Palo Alto’s Tips & Tricks: Forward traffic logs to a syslog server.

Provide the Blumira sensor information when setting up your syslog server:

  • IP address of the Blumira sensor you will log events to
  • Port number 514

While completing this step, take the time to review your current security policies and ensure that they are up to date. Blumira generally prefers the settings that produce the most verbose logs, in both content and volume, and these settings should be applied to every policy on the device.
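
One way to confirm that log forwarding is applied to every policy is to audit an exported firewall configuration. This is an added example, not Blumira's or Palo Alto's own tooling. The XML layout it reads (`rulebase/security/rules/entry` with `log-setting`, `log-end` and `disabled` elements) and the profile name `blumira-syslog` are assumptions, and the sample config is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed PAN-OS-style config export (assumed layout, not from the page).
# "blumira-syslog" is a hypothetical name for the log forwarding profile that targets the sensor.
SAMPLE_CONFIG = """\
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <rulebase><security><rules>
    <entry name="allow-web"><log-setting>blumira-syslog</log-setting></entry>
    <entry name="allow-dns"><log-start>no</log-start></entry>
    <entry name="deny-all"><log-setting>blumira-syslog</log-setting><log-end>no</log-end></entry>
    <entry name="legacy-ftp"><log-setting>old-collector</log-setting></entry>
    <entry name="retired"><disabled>yes</disabled></entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit_rule_logging(config_xml, expected_profile):
    """Return {rule_name: [findings]} for enabled security rules whose logs would not reach the sensor."""
    root = ET.fromstring(config_xml)
    findings = {}
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("disabled", "no").strip() == "yes":
            continue  # disabled rules match no traffic, so they produce no logs to forward
        issues = []
        profile = (rule.findtext("log-setting") or "").strip()
        if not profile:
            issues.append("no log forwarding profile")
        elif profile != expected_profile:
            issues.append(f"forwards to '{profile}', not '{expected_profile}'")
        # Only an explicit "no" is flagged; an absent element is left to the device default.
        if (rule.findtext("log-end") or "").strip() == "no":
            issues.append("log at session end disabled")
        if issues:
            findings[rule.get("name")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_rule_logging(SAMPLE_CONFIG, "blumira-syslog").items():
        print(f"{name}: {'; '.join(issues)}")
```
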