Palo Alto Networks Add-on: Can we receive TCP data on Port 80 from Panorama?

phularah
Communicator

I want my Splunk Heavy Forwarder to receive TCP data on port 80 using Panorama. I have installed the Palo Alto Networks add-on for Splunk on said Heavy Forwarder. Am I required to make any specific configurations in the add-on? I am not interested in using Wildfire, Aperture, etc. I am only interested in getting firewall data into my Splunk indexer. The firewalls are already configured to store data in Panorama. The total number of firewalls is 6.

I have created a TCP data input on my heavy forwarder for that. I have also asked the security team to create a profile for an HTTP(S) server (which will be Splunk) on Panorama.

Do I need to follow any more steps? Any ideas or suggestions? @btorresgil, @adonio, @panguy

1 Solution

phularah
Communicator

I integrated Palo Alto with Splunk a few days back. I used port 514 instead. I made a data input in Splunk on port 514 and asked the Security team to send data from Panorama to the data input. Everything works fine.
