Palo Alto

Chronicle supports ingesting Palo Alto firewall Traffic and Threat logs to visualize web traffic. These logs can be ingested via syslog.

Chronicle Data Types

  • PAN_FIREWALL

Requirements

  • Chronicle Forwarder / CYCLOPS

Configuration

  1. Follow the steps detailed in the Palo Alto KB
  2. Where applicable, use the Cyderes-provided host and port

MITRE ATT&CK Coverage

View in the ATT&CK Navigator

Palo Alto Coverage