Views:

Configure the Palo Alto Networks Next-Generation Firewall integration to send third-party logs in syslog format to Trend Vision One for analysis and correlation.

Procedure

  1. Add a new third-party log source in the Trend Vision One console.
    1. Go to Workflow and AutomationThird-Party Integration.
    2. Click Third-Party Log Collection.
    3. Click + Add Log Source.
      The Log Source Settings window appears.
  2. Configure settings for the Palo Alto Networks log source.
    1. Specify a name for the log source.
    2. Select a Service Gateway virtual appliance from the drop-down menu.
      Note
      Note
      Only compatible appliances appear in the list. If no compatible appliances exist, go to Service Gateway Management and deploy a new virtual appliance, or select an existing appliance and install and enable the Third-Party Log Collection Service.
    3. Specify sender IP addresses for the third-party logs.
    4. Click Save.
      Palo Alto Networks Next-Generation Firewall appears as a log source on the Third-Party Log Collection screen.
    Palo Alto Networks firewall logs become available under Firewall Activity Data in the Search app. Palo Alto Networks Next-Generation Firewall can only send logs generated after connecting to Trend Vision One. You might need to allow some time before new logs start to appear.