Below are the steps I've taken to integrate Palo Alto Panorama Traffic logs with Cloud App Discovery.
In this setup, multiple PA Firewalls are configured to forward their logs to Panorama. Check the Palo Alto guides for how this is set up.
Your thoughts and feedback are much appreciated.
Follow the Microsoft guide to set up a log collector for MCAS. I settled on Docker for Ubuntu on Azure after multiple failed attempts with RHEL 8.1.
For Step 3 - On-premises configuration of your network appliances: log in to Panorama and make sure the Context at the top left is set to Panorama.
Select the Panorama tab, then Server Profiles -> Syslog in the left-hand menu.
Select Add to create a new Syslog Server Profile.
Enter a Name for the Profile, e.g. MCAS Log Collector.
Select Add in the Servers tab and provide the details for the collector server, e.g.:
  Name: MCAS Server Azure
  IP: <<Log Collector IP>>
  Transport: as per your collector config, e.g. TCP
  Port: as per your collector config, e.g. 601
  Format: BSD
  Facility: LOG_USER
Select OK to save the Syslog Server and Profile.
Go to Collector Groups and select the "default" Collector Group.
Select the Collector Log Forwarding tab, then the Traffic tab.
Select Add and give the Log Setting a name, e.g. MCAS Logs.
Set the filter to All Logs.
Select Add in the Syslog field and select the MCAS Log Collector.
Select OK, and OK again, then save and commit your changes.
Continue with Step 4 - Verify the successful deployment in the Cloud App Security portal in the Microsoft guide.
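
An added example, not part of the original post: a Python check that lines arriving at the collector match the profile configured above (BSD format, LOG_USER facility, Traffic logs only). It assumes the default PAN-OS CSV layout with the log type in the fourth field; the sample lines, hostnames and serial numbers are constructed.

```python
import re

# BSD (RFC 3164) header: <PRI>Mmm dd hh:mm:ss HOST MESSAGE
BSD_RE = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")
IETF_RE = re.compile(r"^(\d+ )?<\d{1,3}>1 ")  # RFC 5424, optionally octet-counted
LOG_USER = 1  # syslog facility code behind the LOG_USER setting

# Constructed sample lines (hostname, serial number and addresses are made up).
SAMPLE_LINES = [
    "<14>Mar 10 10:00:01 PA-FW-01 1,2020/03/10 10:00:01,001234567890,TRAFFIC,end,2049,"
    "2020/03/10 10:00:01,10.1.1.20,203.0.113.10",
    "<134>Mar 10 10:00:02 PA-FW-01 1,2020/03/10 10:00:02,001234567890,TRAFFIC,end,2049",
    "<14>Mar  9 10:00:03 PA-FW-02 1,2020/03/09 10:00:03,001234567891,THREAT,url,2049",
    "<14>1 2020-03-10T10:00:04Z PA-FW-01 - - - - 1,2020/03/10 10:00:04,001234567890,TRAFFIC",
]

def check_line(line):
    """Return the problems found in one received syslog line ([] means OK)."""
    line = line.rstrip("\r\n")
    m = BSD_RE.match(line)
    if not m:
        if IETF_RE.match(line):
            return ["IETF (RFC 5424) framing, but the profile is set to BSD"]
        return ["not a BSD-format syslog line"]
    problems = []
    facility = int(m.group(1)) >> 3  # PRI = facility * 8 + severity
    if facility != LOG_USER:
        problems.append(f"facility {facility}, expected {LOG_USER} (LOG_USER)")
    # Assumption: default PAN-OS CSV layout, where the 4th field is the log type.
    fields = m.group(3).split(",")
    log_type = fields[3] if len(fields) > 3 else ""
    if log_type != "TRAFFIC":
        problems.append(f"log type {log_type!r}, expected 'TRAFFIC'")
    return problems

def report(lines):
    """Map 1-based line numbers to their problems, skipping clean lines."""
    return {n: p for n, line in enumerate(lines, 1) if (p := check_line(line))}

if __name__ == "__main__":
    for n, problems in report(SAMPLE_LINES).items():
        print(f"line {n}: {'; '.join(problems)}")
```

To check real traffic, pass `report()` lines captured on the collector host instead of `SAMPLE_LINES`.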