Configure Splunk to collect data from Paloalto!

  • Published on 14 Aug 2024
  • Configure a Log Forwarding profile on the Palo Alto firewall and apply it to the Security Policy rule to send logs to Splunk via syslog.
    #splunk #paloaltofirewall #pcnsa #pcnse
    0:00 - Intro
    01:01 - Topology
    01:23 - Download/Install Splunk
    02:28 - Install Paloalto App/Add-on for Splunk
    03:02 - Configure Data Input
    04:18 - Configure Server Profile
    04:45 - Configure Log Forwarding
    05:26 - Service route configuration
    06:16 - Apply log Forwarding
    06:48 - Test
    07:07 - Checking Splunk logs
    07:30 - Extract new fields
    09:09 - Adding color code
    10:18 - Events search
    11:18 - Troubleshooting
    12:57 - Thank You!
    Download Splunk Enterprise:
    www.splunk.com...
    Event type coloring configuration file:
    community.splu...
    Splunk folder location:
    C:\Program Files\Splunk\etc\system\local
    My LinkedIn:
    / hamza-al-sammarai-2768...
    Atea website: atea.com/

Comments • 3

  • @Nont-RS 6 months ago +1

    Thank you

  • @rizqiiskandar3666 7 days ago

    Thanks for the explanation. Btw, you are using syslog, right? And how do I create an alert, and what kind of field is usually triggered or considered a threat in syslog?

    • @Hamza-Bit-Lab 6 days ago

      Thank you for the comment.
      Yes, it is Syslog that I used in the video.
      You can choose Log Type: "Threat" when you are creating your log forwarding profile. All Threat logs will be sent to Splunk. But you can filter the Threat logs as well.
      All Security Profile elements in Palo Alto are included in the Threat logs except URL Filtering, WildFire Submission and Data Filtering.
      And from Splunk you can configure an alarm.