reighnman Merge pull request #14 from pmusolino-rms/master
Made Egress Interface and RuleName fields of Threat optional
Latest commit ca1746b Aug 13, 2017
LICENSE initial commit Sep 25, 2015
README.md Update README.md Mar 21, 2017
content_pack.json Made Egress Interface and RuleName fields of Threat optional Jun 21, 2017

README.md

Palo Alto Networks Content Pack

Tested with PAN-OS 6.1.3/Graylog 1.2

NOTICE: The patterns do need some updates for 7.x, and I no longer have access to PAN firewalls, so someone will have to fork this and take over the project. Sorry :(

This content pack provides GROK extractors for PAN Firewalls and a few example dashboards:

  • PAN Threat Summary (24h)
  • PAN Threat Summary - High & Critical (24h)
  • PAN URL Filtering Summary (24h)
  • PAN GlobalProtect Portal Login Summary (7d)

Includes

  • Input PAN-syslog (Syslog tcp 5514)
  • GROK Patterns (BASE10NUM DATE_US2 GREEDYDATA HOST HOSTNAME HOUR IP IPORHOST MINUTE MONTHDAY MONTHNUM MONTHNUM2 NOTCOMMA QS QSORNC QUOTEDQUOTES QUOTEDSTRING SECOND TIME TZ YEAR)
  • Extractors (PAN_THREAT, PAN_SYSTEM, PAN_CONFIG, PAN_TRAFFIC, PAN_POSTPROCESS_GlobalProtect_Login)
  • Dashboards

Requirements

  • Palo Alto Networks Firewall (or Panorama) with syslog forwarding configured to tcp 5514 in BSD format, with no custom settings
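As an added illustration (not code from this content pack), the following Python re-implements the extractor idea behind the GROK patterns: a quoted-or-not field (the role QSORNC plays), a strict versus optional non-comma field (the role NOTCOMMA plays), and why a THREAT line with an empty rule name fails to match until that field is made optional, as the latest commit did. The syslog header and the shortened column layout are assumptions for the example, not the real PAN-OS field order.

```python
import re
from typing import Optional

# Grok-style building blocks written as Python regexes. They are assumed equivalents
# of the content pack's NOTCOMMA and QSORNC patterns, not copied from content_pack.json.
NOTCOMMA = r"[^,]+"             # strict: an empty CSV cell does NOT match
NOTCOMMA_OPT = r"[^,]*"         # optional: an empty CSV cell matches
QSORNC = r'(?:"[^"]*"|[^,]*)'   # double-quoted string (commas allowed) or a non-comma run

# BSD syslog header, the format the content pack expects on tcp/5514.
SYSLOG_HDR = r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "

# Constructed, shortened column layout for this example. It is NOT the real PAN-OS
# THREAT log column order; only the quoting and optional-field behaviour is the point.
FIELDS = ["receive_time", "serial", "type", "subtype", "src_ip", "dst_ip",
          "rule_name", "src_zone", "dst_zone", "ingress_if", "egress_if",
          "action", "misc", "threat_id", "severity"]
OPTIONAL = {"rule_name", "egress_if"}   # the two fields the latest commit made optional

def build_threat_pattern(optional_allowed: bool) -> "re.Pattern[str]":
    """Assemble the extractor regex, strict (old) or with optional fields (new)."""
    parts = []
    for name in FIELDS:
        if name == "misc":
            sub = QSORNC            # URL/filename cell may be quoted and contain commas
        elif name in OPTIONAL and optional_allowed:
            sub = NOTCOMMA_OPT
        else:
            sub = NOTCOMMA
        parts.append(f"(?P<{name}>{sub})")
    return re.compile(SYSLOG_HDR + ",".join(parts) + r"$")

def extract(line: str, optional_allowed: bool = True) -> Optional[dict]:
    """Return the extracted fields, or None when the line does not match (as Graylog would)."""
    m = build_threat_pattern(optional_allowed).match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["misc"] = fields["misc"].strip('"')
    for name in OPTIONAL:
        fields[name] = fields[name] or None  # empty cell -> None instead of ""
    return fields

# Constructed sample line: a url-filtering THREAT event with an empty rule name and a
# URL that contains commas inside the quoted misc cell.
SAMPLE = ("<14>Aug 13 12:00:00 pan-fw 2017/08/13 12:00:00,0011223344,THREAT,url,"
          "10.1.1.5,203.0.113.7,,trust,untrust,ethernet1/2,ethernet1/1,alert,"
          '"example.com/a,b?c=1",9999,informational')
```

With the strict pattern the sample line is dropped entirely (no fields extracted), which is the failure mode the optional-field change fixes.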

Screenshots

  • gpportal (screenshot, image not included)
  • threatsum (screenshot, image not included)
  • urlfiltering (screenshot, image not included)