Tested Versions: 8.1.0
Chronicle supports ingesting Palo Alto Firewall Traffic and Threat logs in order to visualize web traffic. Chronicle requires only a very simple syslog configuration along with a Chronicle Forwarder.
Chronicle Data Types
- Web Proxy
- Chronicle Forwarder
Syslog Server Profile Setup
- Navigate to Device > Server Profiles > Syslog and Add a new syslog profile.
- Enter a name for the syslog profile.
- Enter a a name for the syslog server and fill in the details for the syslog endpoint as provided by CYDERES. The log format will be BSD. Note: if sending to a CYCLOPS forwarder, please obtain a port number from CYDERES. Do not use port 514.
Log Forwarding Profile Setup
- Navigate to Objects > Log forwarding and Add a new log forwarding profile.
- Enter a name for the log forwarding profile.
- In the Traffic Settings and Threat Settings configuration boxes, select the syslog server profile in the 'Syslog' column on the right.
Once this configuration has been committed, log forwarding profile can now be used in rules to forward logs to the syslog server.
MITRE ATT&CK Coverage