Connect with experts and redefine what’s possible at work – join us at the Microsoft 365 Community Conference May 6-8. Learn more >

Forum Discussion

Micah-NENZ

Copper Contributor

Oct 06, 2021

Palo Alto Syslogs to Sentinel

Hi, We are ingesting Palo Alto firewall logs into Sentinel that seems to be mostly working, however the fields are not populating correctly. There is an additional field called 'AdditionalExt...

CliveWatson

Microsoft

Oct 06, 2021

There is a ASIM parser for Palo
Main docs:
https://docs.microsoft.com/en-us/azure/sentinel/normalization

Parsers page:
Azure-Sentinel/Parsers/ASimNetworkSession at master · Azure/Azure-Sentinel - https://github.com/

and the parser itself, where that field is normalized:
Azure-Sentinel/ASimNetworkSessionPaloAltoCEF.yaml at master · Azure/Azure-Sentinel - https://github.com/