Palo Alto Cortex

Chronicle supports ingesting Palo Alto Firewall Traffic and Threat logs from Palo Alto's cloud service "Cortex" in order to visualize web traffic.

Chronicle Data Types

  • Firewall
  • Web Proxy

Syslog Server Setup

  1. Sign in to the Cloud Services Portal.
  2. Select the Log Forwarding app instance that you want to configure for Syslog forwarding.
  3. Select Syslog > Add to add a new Syslog Forwarding profile.
  4. Enter a name for the profile along with the syslog endpoint as provided by CYDERES.
  5. Select Add to select the Log Vendor. The log vendors are the sources that generated the logs, such as Firewall or Traps.
  6. Add Log Types for Traffic, Threat, and URL. Save the changes.
  7. Save the configuration and test that the connection is working.

MITRE ATT&CK Coverage

View in the ATT&CK Navigator

Cortex Coverage