Forum Discussion
sulaimanncs915
Dec 20, 2023, Copper Contributor
KQL Query for Match IoC from WatchList
Hi all, I would like to create a Watchlist for hashes, URLs, domains and IPs. After that I would like to create a KQL query to search the watchlist. Kindly help.
sulaimanncs915
Dec 26, 2023, Copper Contributor
Hi, how can I search Palo Alto firewall logs for a source IP? Any query?
samikroy
Dec 29, 2023, MCT
sulaimanncs915 - First you need to find where the Palo Alto firewall logs are ingested.
Let's say it is ingested into the CommonSecurityLog table; the query should be like:
CommonSecurityLog
| where DeviceVendor == "Palo Alto Networks"
| where DeviceProduct has "PAN-OS"
| where SourceIP == "<your IP address>"
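Putting the two parts of the thread together (a watchlist of hashes, URLs, domains and IPs from the first post, and the Palo Alto CommonSecurityLog filter from the reply above), here is a worked KQL query that matches watchlist indicators against the firewall logs. This is an added example, not code from the thread or from Microsoft. It assumes a Sentinel watchlist whose alias is `IoCWatchlist` with two columns, `IoCType` (values `ip`, `domain`, `url`, `hash`) and `IoCValue`; the watchlist name and both column names are assumptions. The CommonSecurityLog columns used (`SourceIP`, `DestinationIP`, `RequestURL`, `DestinationHostName`, `FileHash`) are standard schema columns, but which of them PAN-OS fills depends on the log type, so check a sample event before relying on the domain and hash branches.

```kql
// Added example (not from the original thread). Assumed watchlist alias
// "IoCWatchlist" with assumed columns IoCType and IoCValue.
let ioc = _GetWatchlist('IoCWatchlist')
    | project IoCType = tolower(tostring(IoCType)), IoCValue = tolower(tostring(IoCValue));
// Collapse each indicator type into a dynamic array so it can be used with "in".
let ip_set     = toscalar(ioc | where IoCType == "ip"     | summarize make_set(IoCValue));
let domain_set = toscalar(ioc | where IoCType == "domain" | summarize make_set(IoCValue));
let url_set    = toscalar(ioc | where IoCType == "url"    | summarize make_set(IoCValue));
let hash_set   = toscalar(ioc | where IoCType == "hash"   | summarize make_set(IoCValue));
// Palo Alto firewall events via the CEF/Syslog connector, as in the reply above.
let pan = CommonSecurityLog
    | where TimeGenerated > ago(1d)
    | where DeviceVendor == "Palo Alto Networks" and DeviceProduct has "PAN-OS";
// IP indicators: either end of the connection may be the listed address.
let ip_hits = pan
    | where SourceIP in (ip_set) or DestinationIP in (ip_set)
    | extend MatchType = "ip",
             MatchedValue = iff(SourceIP in (ip_set), SourceIP, DestinationIP);
// URL and domain indicators: URL-filtering events carry the request in RequestURL;
// DestinationHostName is only populated for some PAN-OS log types (assumption: verify on a sample).
let web_hits = pan
    | extend ReqUrl = tolower(RequestURL), DstHost = tolower(DestinationHostName)
    | where ReqUrl in (url_set) or DstHost in (domain_set)
    | extend MatchType = iff(ReqUrl in (url_set), "url", "domain"),
             MatchedValue = iff(ReqUrl in (url_set), ReqUrl, DstHost);
// Hash indicators: file-based threat events place the hash in FileHash (assumption: verify on a sample).
let hash_hits = pan
    | extend FHash = tolower(FileHash)
    | where FHash in (hash_set)
    | extend MatchType = "hash", MatchedValue = FHash;
union ip_hits, web_hits, hash_hits
| project TimeGenerated, Computer, DeviceAction, SourceIP, DestinationIP,
          RequestURL, FileHash, MatchType, MatchedValue
| order by TimeGenerated desc
```

The lowercasing on both sides keeps hash and hostname comparisons from missing on case alone. The `ago(1d)` window is there so the query stays cheap enough to run as a scheduled analytics rule; widen it for a one-off hunt. Because each branch records `MatchType` and `MatchedValue`, the result can be grouped by indicator to see which watchlist entries are actually firing, which is also the quickest way to spot a noisy or stale entry in the list.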