Palo Alto Networks Content Pack (Outdated - Please Fork+Update)

Tested with PAN-OS 6.1.3/Graylog 1.2

NOTICE: The patterns do need some updates for 7.x and I no longer have access to PAN firewalls so someone will have to fork this and take over the project. Sorry :(

This content pack provides GROK extractors for PAN Firewalls and a few example dashboards:

PAN Threat Summary (24h)
PAN Threat Summary - High & Critical (24h)
PAN URL Filtering Summary (24h)
PAN GlobalProtect Portal Login Summary (7d)

Includes

Input PAN-syslog (Syslog tcp 5514)
GROK Patterns (BASE10NUM DATE_US2 GREEDYDATA HOST HOSTNAME HOUR IP IPORHOST MINUTE MONTHDAY MONTHNUM MONTHNUM2 NOTCOMMA QS QSORNC QUOTEDQUOTES QUOTEDSTRING SECOND TIME TZ YEAR)
Extractors (PAN_THREAT, PAN_SYSTEM, PAN_CONFIG, PAN_TRAFFIC, PAN_POSTPROCESS_GlobalProtect_Login)
Dashboards

Requirements

Palo Alto Networks Firewall (or Panorama) with SYSLOG configured for tcp 5514 BSD format, no custom settings

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Palo Alto Networks Content Pack (Outdated - Please Fork+Update)

Includes

Requirements

Screenshots

Files

README.md

Latest commit

History

README.md

File metadata and controls

Palo Alto Networks Content Pack (Outdated - Please Fork+Update)

Includes

Requirements

Screenshots