Palo Alto Firewall Insight Pack

Posted: August 2, 2016 Modified: August 2, 2016


Overview

The Palo Alto Insight Pack gives operational administrators and users the ability to use IBM Operations Analytics – Log Analysis to analyze the logs produced by their installed Palo Alto devices. This includes dynamic dashboards that show the rate of important error and notification messages, with the ability to drill down into the areas of your Palo Alto deployment that need attention.

Palo Alto Dynamic Dashboards

The dashboards include various charts plotted by the Threats, Protocols, Types, and Actions of each log record type. By default the dashboards cover the last 1 day of data; this time range can be configured as needed.

Threats captured by each Firewall and Threatening Protocols

The dashboard charts reflect the following:

  • Threats captured by each Firewall
  • Threatening Protocols

Palo Alto Actions vs Protocols and Threatening Protocols

The dashboard charts reflect the following:

  • Action vs Protocol
  • All Message Types

Quick Searches

With the included Quick Search feature, users can create saved searches for a keyword or a series of keywords. The searches are added to the saved searches pane for running at a later time.

The following quick searches are provided with the quick search installer:

  • PaloAlto Config Messages: This search query displays log records where the Palo Alto log type is CONFIG.
  • PaloAlto HIP Messages: This search query displays log records where the Palo Alto log type is HIP_MATCH.
  • PaloAlto System Messages: This search query displays log records where the Palo Alto log type is SYSTEM.
  • PaloAlto Threat Messages: This search query displays log records where the Palo Alto log type is THREAT.
  • PaloAlto Traffic Messages: This search query displays log records where the Palo Alto log type is TRAFFIC.

Reference the Insight Pack User’s Guide for adjusting the dynamic dashboards and quick searches to reflect additional data elements.

Additional information

The Palo Alto system message logging process allows the system to report and save important error and notification messages to a remote logging server (syslog server). These syslog messages include messages in a standardized format (often called system error messages) and output from debug commands. They are generated during network operation of the Palo Alto device to help users identify the type and severity of a problem, or to aid users in monitoring Palo Alto activity.

Useful product links which provide information about Palo Alto logs are found in the Expert Advice section of the User Guide.

Training Information

Review the following video for information on using and setting up the Insight Pack.


Training and overview presentation used in the training video.


IBM Operations Analytics-Log Analysis Insight Packs for Networks- Premium Install License.

Released: 28 July 2016
Version: 1.1.1.0
Cost: License Fee
Support: Supported

Resources

  • Product Information
  • Product Documentation
  • Documentation
  • Support
  • Forum

Requirements

  • IBM Operations Analytics – Log Analysis version 1.3.0 or above.
  • Palo Alto systems running PAN-OS 6.0 or higher (configured to send the log messages to a Linux syslog server).
  • Syslog Server (receives the syslog records transferred from the Palo Alto devices).
  • Purchased “IBM Operations Analytics-Log Analysis Insight Packs for Networks- Premium Install License” for each installed Insight Pack.

Support

This package is subject to the License terms included with the Insight Pack, along with those displayed upon download.

To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel listed in the IBM Worldwide Directory. Also use the “Support” link to access the support site for IBM Operations Analytics – Log Analysis information.