Integration Demo: Palo Alto Next-Generation Firewall + Blumira
In this demo video, we walk through:
- How to set up log collection from Palo Alto’s Next-Generation Firewall to Blumira’s platform
- Threat detection use cases, like reconnaissance scanning and data exfiltration
- Common misconfiguration detections, like allowing public IP connections
- How Blumira enables you to block source IP addresses and attacks with dynamic blocklists
- How Blumira allows for manual and automated threat response
Learn more about Blumira’s integration with Palo Alto Next-Generation Firewall, and see Blumira’s other firewall integrations.
Palo Alto Firewall Integration Video Transcription
I’m going to do a walkthrough of Blumira’s integration with Palo Alto’s Next-Generation Firewall.
You can see here that I’m in the Blumira dashboard. I’m going to click into the Responder view, where I’ve received notifications of active threats within my environment.
We’ll start by showing an example of reconnaissance scanning that’s happening on my firewall. We’ve been able to detect that this is anomalous behavior, and is a real threat, so I’m going to respond to this threat.
Essentially, it’s telling me specifically where the attack is coming from, and how we detected that this is an active threat.
We can see the matched evidence below, and this is continuing to happen over time via a few different IP addresses with our stacked evidence technology.
All I need to do is decide to immediately block the source IPs for the next seven days and click resolve.
Through Blumira’s integration via dynamic blocklists, we’ve added a block rule via IP address on the Palo Alto firewall.
You can see the configuration here, and I manually responded to this ticket. In this example, I could have automated by checking this box. It wouldn’t require any human interaction, which makes it really easy, effective and quick to respond and block threats without any human interaction.
We also have the capability to apply threat feeds so I can automatically do blocking of known bad actors. From a community perspective, we can opt in to understand when someone within the Blumira community detects a threat and reports that – we can block those automatically on the Palo Alto firewall, as well.
A few other examples of common detections through our integration with Palo Alto Networks – one example could be that a detection that someone is trying to exfiltrate a large amount of data. In this instance, a 1GB+ outbound connection via HTTPS could be a real risk that you would want to investigate.
There’s also examples of common misconfigurations – so, here’s an example of a public IP address that has been detected to be able to access internally via RDP. You want to make sure that this RDP connection is only accessible behind something like a VPN. And so, you would want to update your firewall, for example, to ensure that that is only available via VPN.
And that’s a few examples of Blumira’s partnership and integration with Palo Alto’s Next-Gen Firewall.