<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Global Protect VPN logs from Panorama to Cortex XSOAR in Cortex XSOAR Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/global-protect-vpn-logs-from-panorama-to-cortex-xsoar/m-p/592252#M3469</link>
    <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/188208"&gt;@STeegarden&lt;/a&gt;&amp;nbsp;– There is no way to have the integration fetch GlobalProtect logs into XSOAR (short of customizing the integration), but you should be able to query for GP logs. Then you could set up a job to periodically query the logs and take action accordingly.&lt;/P&gt;
&lt;P&gt;Please test and see if the following command works to return GP logs. If not, please attach a screenshot of the error and debug log.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;!pan-os-query-logs log-type=globalprotect query=&amp;lt;QUERY&amp;gt; debug-mode=true&lt;/STRONG&gt;&lt;/P&gt;</description>
    <pubDate>Wed, 17 Jul 2024 00:06:54 GMT</pubDate>
    <dc:creator>asawyer</dc:creator>
    <dc:date>2024-07-17T00:06:54Z</dc:date>
    <item>
      <title>Global Protect VPN logs from Panorama to Cortex XSOAR</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/global-protect-vpn-logs-from-panorama-to-cortex-xsoar/m-p/592048#M3462</link>
      <description>&lt;P&gt;Hello, I was reviewing GlobalProtect VPN logs in Panorama and am currently stumped on how to even create an alert or find the logs to send to XSOAR. I reviewed the PAN-OS integration, and I can link it to Panorama, but it will collect logs based on specific queries into the logs, none of which go directly to GlobalProtect. Has anyone out there run into the same issue, or is there something I'm overlooking?&lt;/P&gt;</description>
      <pubDate>Mon, 15 Jul 2024 15:46:20 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/global-protect-vpn-logs-from-panorama-to-cortex-xsoar/m-p/592048#M3462</guid>
      <dc:creator>STeegarden</dc:creator>
      <dc:date>2024-07-15T15:46:20Z</dc:date>
    </item>
    <item>
      <title>Re: Global Protect VPN logs from Panorama to Cortex XSOAR</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/global-protect-vpn-logs-from-panorama-to-cortex-xsoar/m-p/592252#M3469</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/188208"&gt;@STeegarden&lt;/a&gt;&amp;nbsp;– There is no way to have the integration fetch GlobalProtect logs into XSOAR (short of customizing the integration), but you should be able to query for GP logs. Then you could set up a job to periodically query the logs and take action accordingly.&lt;/P&gt;
&lt;P&gt;Please test and see if the following command works to return GP logs. If not, please attach a screenshot of the error and debug log.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;!pan-os-query-logs log-type=globalprotect query=&amp;lt;QUERY&amp;gt; debug-mode=true&lt;/STRONG&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 17 Jul 2024 00:06:54 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/global-protect-vpn-logs-from-panorama-to-cortex-xsoar/m-p/592252#M3469</guid>
      <dc:creator>asawyer</dc:creator>
      <dc:date>2024-07-17T00:06:54Z</dc:date>
    </item>
  </channel>
</rss>

