Forum Discussion
Azure Sentinel with Palo Alto Network
tutrieu : the threat types in the second workbook are not typical threat types sent as THREAT by Palo Alto. Did you make sure to configure sending THREAT logs as described in Palo Alto Configure Syslog Monitoring steps 2, 3? Those steps need to be done in addition to the CEF configuration guide.
- tutrieu, Jun 15, 2020, Copper Contributor
Thank you Ofer_Shezaf, yes I did follow the MS and Palo Alto guides. And you mean I need to handle CEF threat logs, like defining the threat before forwarding it to Azure Sentinel?
Thank you
- Ofer_Shezaf, Jun 15, 2020, Microsoft
tutrieu : generating logs on Palo Alto is a rather long and complex process. For example, you need the relevant policies, and your policies should actually log. Do you know if you get the relevant logs on a Palo Alto console, for example Panorama? In any case, I suggest starting with a support call to Palo Alto to make sure you create the correct logs of type THREAT, and if so, a support call to our support to complete the loop.
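One way to check, on the Sentinel side, whether THREAT logs are arriving at all and which subtypes they carry (an added example, not part of the thread). It assumes the Palo Alto CEF mapping in which the log type (THREAT, TRAFFIC, ...) lands in `Activity` and the threat subtype (vulnerability, spyware, url, ...) in `DeviceEventClassID`; adjust the field names if your connector maps them differently.

```kusto
// Added example: confirm that Palo Alto THREAT logs reach the CommonSecurityLog table
// and break them down by subtype. Assumed field mapping: log type -> Activity,
// threat subtype -> DeviceEventClassID.
CommonSecurityLog
| where TimeGenerated > ago(24h)
| where DeviceVendor == "Palo Alto Networks"
| summarize
    Events = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by Activity, DeviceEventClassID
| order by Activity asc, Events desc
// If only TRAFFIC rows come back, the THREAT log forwarding steps on the
// firewall (log forwarding profile + security policy logging) are still missing,
// not the Sentinel CEF connector.
```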