Apr 07 2023 11:35 AM
I noticed there is only one other post regarding this, and I'm sure I'm not the only person who struggled with this, so I figured I'd provide information on how I handled this.
Panorama logs require a custom log parser to be configured in Defender for Cloud Apps since there is no built-in parser. When you export from Panorama, you only have the option of exporting to .csv.
Use a custom log parser - Microsoft Defender for Cloud Apps | Microsoft Learn
I did so and then searched for documentation regarding the Traffic Log Fields.
After delimiting your .csv file in Excel by commas, you can add a row at the top for the fields.
All of the fields can be found at the top of the page linked above. I just copied/pasted into my new row at the top and delimited that by commas as well. That should get you all your field headers.
In my case, I was just setting up a Snapshot Report as a test before proceeding with configuring an Automatic Log Collector. You'll just need to select "Custom log format" and then fill this out, matching the column names to the relevant fields that you just pasted into the .csv file:
I hope this helps others because I certainly struggled for a bit since the Panorama logs don't include the fields when you export them. If there are any questions or things I might have missed, let me know and I can try to assist or explain better. Certainly not an expert on this by any means.
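The header-row step described in the post can also be scripted instead of done in Excel. The following is an added example, not part of the original post: it prepends a pasted field list to a headerless export and refuses to write the file if any row's column count differs from the header. The field names and log rows are constructed sample data (not the real Traffic Log Fields list), and suffixing repeated names to keep them unique is an assumption made here so each column can be matched unambiguously.

```python
import csv
import io

def add_header(raw_csv: str, field_list: str) -> str:
    """Prepend a header row to a headerless CSV export.

    field_list is the comma-separated field list pasted from the vendor's
    field documentation. Raises ValueError when a data row has a different
    number of columns than the header: the custom parser maps by column
    name, so one shifted column mislabels every field after it.
    """
    header = [name.strip() for name in field_list.split(",")]

    # Assumption: repeated names (e.g. reserved columns) get a numeric
    # suffix so every column name is unique when mapped in the parser form.
    seen = {}
    unique = []
    for name in header:
        seen[name] = seen.get(name, 0) + 1
        unique.append(name if seen[name] == 1 else f"{name}_{seen[name]}")

    # csv.reader handles quoted values that themselves contain commas.
    rows = [r for r in csv.reader(io.StringIO(raw_csv)) if r]
    for lineno, row in enumerate(rows, start=1):
        if len(row) != len(unique):
            raise ValueError(
                f"row {lineno} has {len(row)} columns, header has {len(unique)}"
            )

    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(unique)
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample input: hypothetical field names and log rows.
SAMPLE_FIELDS = ("Reserved, Receive Time, Source Address, "
                 "Destination Address, Reserved, Application, Bytes")
SAMPLE_EXPORT = (
    '1,2023/04/07 11:00:01,10.0.0.5,203.0.113.10,0,"web-browsing",5120\n'
    '1,2023/04/07 11:00:02,10.0.0.6,198.51.100.7,0,"app, with comma",734\n'
)

if __name__ == "__main__":
    print(add_header(SAMPLE_EXPORT, SAMPLE_FIELDS))
```

The resulting header names are the ones to enter when matching columns under "Custom log format".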
Sep 05 2023 09:26 PM