https://live.paloaltonetworks.com/t5/log-forwarding-articles/ifttt-push-notifications/ta-p/170645 <P>For this example, I am using HTTP log forwarding along with IFTTT to get a push notification on my iPhone every time there is a Critical Threat event.</P> <P>&nbsp;</P> <H2>Step 1</H2> <P>Install IFTTT and sign up for an account on your desktop at ifttt.com</P> <P>Once you are logged in through your browser, go to <A href="https://ifttt.com/maker" target="_blank" rel="noopener">https://ifttt.com/maker</A> and connect Maker to your account.&nbsp; Next, click on the settings icon, and follow the link to your Maker URL</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture23.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10705i657A609A54B255FD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture23.png" alt="Picture23.png" /></span></P> <P>Take note of the example URL, as it contains your API key.</P> <P>&nbsp;</P> <H2>Step 2</H2> <P>Create a new IFTTT applet</P> <P>&nbsp;</P> <P>Click on the My Applets menu item, then click the New Applet button.&nbsp; The first half of the applet is If This – click on “+this” and search for the Maker service.&nbsp; Under the Maker service, select the Web Request Trigger and configure it as shown below</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture 24.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10706i20CCB3AF753BC900/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture 24.png" alt="Picture 24.png" /></span></P> <P>Complete your applet by setting the action to a Notification</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture 24.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10707i043D135B2D642EC7/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture 24.png" alt="Picture 24.png" /></span></P> <H2>Step 3</H2> <P>&nbsp;</P> <P>Configure the firewall log forwarding settings</P> <P>&nbsp;</P> <P>Create a new HTTP log server profile.&nbsp; Add a new server, setting the Address to maker.ifttt.com.&nbsp; Configure the server to use either HTTP or HTTPS, and set the HTTP Method to POST.&nbsp; Under Payload Format, edit the Threat format as shown below</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture26.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10708i2BB3F63EBB443D96/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture26.png" alt="Picture26.png" /></span></P> <P>&nbsp;</P> <P>The URL format should be set to:</P> <P><STRONG>trigger/Critical_Threat/with/key/&lt;&lt;YOUR KEY HERE&gt;&gt; </STRONG></P> <P>&nbsp;</P> <P><EM>Note – this is from the URL you got from the Maker service settings in step 1. </EM></P> <P>&nbsp;</P> <P>Set the Payload to:</P> <P><STRONG>value1="$device_name"&amp;value2="$threatid"&amp;value3="$receive_time"</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P>Then send a Test log – your IFTTT app should notify you at this point.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <H2>Step 4</H2> <P>Configure a log profile for critical threats to use the push service</P> <P>&nbsp;</P> <P>Create a new log forwarding profile, or edit your existing one to forward Threat logs with the Filter set to (severity eq critical), then add your new HTTP server under forwarding method.&nbsp; Apply this log forwarding profile to any security policies with Threat Prevention to trigger push notifications automatically.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture29.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10709iCB8ABB273B114364/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture29.png" alt="Picture29.png" /></span></P> <P>&nbsp;</P> <P>Created by Darren Rogers.</P> Tue, 12 Jul 2022 06:48:59 GMT rkemburu 2022-07-12T06:48:59Z https://live.paloaltonetworks.com/t5/log-forwarding-articles/ifttt-push-notifications/ta-p/170645 <P>For this example, I am using HTTP log forwarding along with IFTTT to get a push notification on my iPhone every time there is a Critical Threat event.</P> <P>&nbsp;</P> <H2>Step 1</H2> <P>Install IFTTT and sign up for an account on your desktop at ifttt.com</P> <P>Once you are logged in through your browser, go to <A href="https://ifttt.com/maker" target="_blank" rel="noopener">https://ifttt.com/maker</A> and connect Maker to your account.&nbsp; Next, click on the settings icon, and follow the link to your Maker URL</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture23.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10705i657A609A54B255FD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture23.png" alt="Picture23.png" /></span></P> <P>Take note of the example URL, as it contains your API key.</P> <P>&nbsp;</P> <H2>Step 2</H2> <P>Create a new IFTTT applet</P> <P>&nbsp;</P> <P>Click on the My Applets menu item, then click the New Applet button.&nbsp; The first half of the applet is If This – click on “+this” and search for the Maker service.&nbsp; Under the Maker service, select the Web Request Trigger and configure it as shown below</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture 24.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10706i20CCB3AF753BC900/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture 24.png" alt="Picture 24.png" /></span></P> <P>Complete your applet by setting the action to a Notification</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture 24.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10707i043D135B2D642EC7/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture 24.png" alt="Picture 24.png" /></span></P> <H2>Step 3</H2> <P>&nbsp;</P> <P>Configure the firewall log forwarding settings</P> <P>&nbsp;</P> <P>Create a new HTTP log server profile.&nbsp; Add a new server, setting the Address to maker.ifttt.com.&nbsp; Configure the server to use either HTTP or HTTPS, and set the HTTP Method to POST.&nbsp; Under Payload Format, edit the Threat format as shown below</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture26.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10708i2BB3F63EBB443D96/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture26.png" alt="Picture26.png" /></span></P> <P>&nbsp;</P> <P>The URL format should be set to:</P> <P><STRONG>trigger/Critical_Threat/with/key/&lt;&lt;YOUR KEY HERE&gt;&gt; </STRONG></P> <P>&nbsp;</P> <P><EM>Note – this is from the URL you got from the Maker service settings in step 1. </EM></P> <P>&nbsp;</P> <P>Set the Payload to:</P> <P><STRONG>value1="$device_name"&amp;value2="$threatid"&amp;value3="$receive_time"</STRONG></P> <P><STRONG>&nbsp;</STRONG></P> <P>Then send a Test log – your IFTTT app should notify you at this point.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <H2>Step 4</H2> <P>Configure a log profile for critical threats to use the push service</P> <P>&nbsp;</P> <P>Create a new log forwarding profile, or edit your existing one to forward Threat logs with the Filter set to (severity eq critical), then add your new HTTP server under forwarding method.&nbsp; Apply this log forwarding profile to any security policies with Threat Prevention to trigger push notifications automatically.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Picture29.png" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/10709iCB8ABB273B114364/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Picture29.png" alt="Picture29.png" /></span></P> <P>&nbsp;</P> <P>Created by Darren Rogers.</P> Tue, 12 Jul 2022 06:48:59 GMT https://live.paloaltonetworks.com/t5/log-forwarding-articles/ifttt-push-notifications/ta-p/170645 rkemburu 2022-07-12T06:48:59Z