Palo Alto Cortex
Chronicle supports ingesting Palo Alto Firewall Traffic and Threat logs from Palo Alto's cloud service "Cortex" in order to visualize web traffic.
Chronicle Data Types
- Web Proxy
Syslog Server Setup
- Sign in to the Cloud Services Portal.
- Select the Log Forwarding app instance that you want to configure for Syslog forwarding.
- Select Syslog > Add to add a new Syslog Forwarding profile.
- Enter a name for the profile along with the syslog endpoint as provided by CYDERES.
- Select Add to select the Log Vendor. The log vendors are the sources that generated the logs, such as Firewall or Traps.
- Add Log Types for Traffic, Threat, and URL. Save the changes.
- Save the configuration and test that the connection is working.
MITRE ATT&CK Coverage