 Role Availability
|
 Read-Only
|
Investigator |
 Analyst
|
Manager
|
To fully integrate USM Anywhere with your Palo Alto Networks firewall, you should configure log collection so that USM Anywhere can retrieve and normalize Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. raw log data from the firewall. AlienApp for Palo Alto Networks PAN-OS provides data normalization and analysis for Palo Alto Networks PAN-OS logs.
Before configuring the Palo Alto Networks PAN-OS log collection, you must have the IP Address of the USM Anywhere Sensor.
To configure PAN-OS to send log data to USM Anywhere
-
Configure PAN-OS to output events in Common Event Format (CEF). See the PAN-OS CEF Configuration Guide for instructions.
Note: The vendor documentation references ArcSight, but it applies to USM Anywhere as well.
-
Add a syslog server profile. See the PAN-OS Administrator's Guide on Configure Syslog Monitoring for instructions.
- For Syslog Server, enter the IP address of the USM Anywhere Sensor.
- Select the transport protocol you want to use.
- The port number depends on the transport protocol you choose. Use
- Configure syslog forwarding on PAN-OS. See the PAN-OS Administrator's Guide on Configure Log Forwarding for instructions.
Note: The syslog messages from PAN-OS do not include the time zone setting on the device, so USM Anywhere assumes that all time occurs in Coordinated Universal Time (UTC), which is used by most devices. If your Palo Alto Network device is using a different time zone than UTC, the time information in the events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. will appear wrong. To correct this, configure your Palo Alto Network device to use UTC instead. See PAN-OS Web Interface Reference on Device Management for instructions.
Feedback