Skip to content

reighnman/Graylog_Content_Pack_PaloAltoNetworks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
content_pack.json
content_pack.json
 
 

Repository files navigation

Palo Alto Networks Content Pack (Outdated - Please Fork+Update)

Tested with PAN-OS 6.1.3/Graylog 1.2

NOTICE: The patterns do need some updates for 7.x and I no longer have access to PAN firewalls so someone will have to fork this and take over the project. Sorry :(

This content pack provides GROK extractors for PAN Firewalls and a few example dashboards:

  • PAN Threat Summary (24h)
  • PAN Threat Summary - High & Critical (24h)
  • PAN URL Filtering Summary (24h)
  • PAN GlobalProtect Portal Login Summary (7d)

Includes

  • Input PAN-syslog (Syslog tcp 5514)
  • GROK Patterns (BASE10NUM DATE_US2 GREEDYDATA HOST HOSTNAME HOUR IP IPORHOST MINUTE MONTHDAY MONTHNUM MONTHNUM2 NOTCOMMA QS QSORNC QUOTEDQUOTES QUOTEDSTRING SECOND TIME TZ YEAR)
  • Extractors (PAN_THREAT, PAN_SYSTEM, PAN_CONFIG, PAN_TRAFFIC, PAN_POSTPROCESS_GlobalProtect_Login)
  • Dashboards

Requirements

  • Palo Alto Networks Firewall (or Panorama) with SYSLOG configured for tcp 5514 BSD format, no custom settings

Screenshots

gpportal

threatsum

urlfiltering

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

17 stars

Watchers

12 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •