cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
RichieOl
Explorer
Member since: ‎10-20-2023
‎02-14-2024
Community Statistics
Posts 3
Solutions 1
Karma Given 0
Karma Received 1
Member Since ‎10-20-2023
View All

Re: PaloAlto Threat and Traffic logs not being pas...

by in Getting Data In
‎12-11-2023 07:31 AM
1 Karma
‎12-11-2023 07:31 AM
1 Karma
Found the solution. I had created the forwarding profile for the traffic and threat logs and set the forwarding to the splunk server but i didnt attach it to the security policy i wanted to monitor so i was onyl getting the standard config and systems logs that monitor the fw itself, not the data that is getting passed through. Here is the knowledge article i found that helped me resolve my issue if anyone has a similar problem in the future. Tips & Tricks: Forward traffic logs to a syslog server - Knowledge Base - Palo Alto Networks ... View more

PaloAlto Threat and Traffic logs not being passed ...

by in Getting Data In
‎12-11-2023 04:38 AM
‎12-11-2023 04:38 AM
We are testing the log collection from our paloalto firewalls and seem to have come across a snag when trying to monitor the traffic and threat events. We have the PaloAlto addon and app installed and it is working fine as the config and system logs are being processed and added to the dashboard. The datamodel accelaration is on but there is still no data. When using the search bar i have been looking for all logs coming in through port 514 as the logs are being send through udp. (source=udp:514) and i can see the system and config logs there too but no other types. I am starting to feel like the issue is with the palo side but i want to make sure that i am not missing something on the splunk side to. Ive gone through the log forwarding form the palo side several times and if its sending the system and config fine, why not the rest? KR ... View more

Re: the best way to collect Windows Defender logs?

by in Getting Data In
‎10-20-2023 01:55 AM
‎10-20-2023 01:55 AM
Hi, I am having this same issue at the moment as the domain i manage is completely airgapped form the internet so no cloud connectivity. After some digging i found have read there are events in the event viewer. Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational 1116 - MALWAREPROTECTION_STATE_MALWARE_DETECTED 1117 - MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN 1118 - MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED 1119 - MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED I haven't tested them yet as i have literally just found them online this minute and came across this message board at the same time.  I hope this helps and if you have found anything extra can you put them in here too. Im going set up the forwarder now to collect these and create a dashboard  KR Richard  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-14-2024 12:16 PM
Karma from
View All