https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/ta-p/118455 <H2><STRONG>Overview</STRONG></H2> <P>Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improves security. The Palo Alto Networks app for QRadar enables these capabilities by allowing the security operations team to reduce, prioritize, and correlate Palo Alto Networks events using the QRadar dashboard, and leverage offenses and offense workflows created automatically, enabling rapid response to the most critical threats from a single dashboard.</P> <P>&nbsp;</P> <H2><STRONG>System Requirements:</STRONG></H2> <UL> <LI>IBM QRadar version 7.2.8 or higher</LI> <LI>Palo Alto Networks PAN-OS 7.0 or higher</LI> </UL> <P>&nbsp;</P> <H3><STRONG>Installation Steps:</STRONG></H3> <OL> <LI>&nbsp;<STRONG>Download the Palo Alto Networks app for QRadar from the IBM App Exchange:&nbsp;</STRONG><BR /><A title="Palo Alto Networks App for QRadar | IBM" href="https://exchange.xforce.ibmcloud.com/hub/extension/Palo%20Alto%20Networks:Palo%20Alto%20Networks%20App%20for%20QRadar" target="_blank" rel="noopener">https://exchange.xforce.ibmcloud.com/hub/extension/Palo%20Alto%20Networks:Palo%20Alto%20Networks%20App%20for%20QRadar</A></LI> <LI><STRONG>Upload and install the app on IBM QRadar using the following documentation from IBM:&nbsp;</STRONG><BR /><A title="Uploading your app | IBM" href="https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.apps.doc/t_Qapps_upload.html" target="_blank" rel="noopener">https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.apps.doc/t_Qapps_upload.html</A></LI> <LI><STRONG>Configure the Palo Alto Networks firewall&nbsp;to send syslogs to IBM QRadar:&nbsp;</STRONG><BR /><A title="Creating a Syslog destination on your Palo Alto PA Series device | IBM" href="https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/t_dsm_guide_palo_alto_syslog_dest.html?cp=SS42VS_7.3.0" target="_self">https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/t_dsm_guide_palo_alto_syslog_dest.html?cp=SS42VS_7.3.0</A></LI> </OL> <P><STRONG>&nbsp;</STRONG></P> <P><STRONG>LEEF log format is the recommended setup however, if your company can not use LEEF logging standard for QRadar, we have an extension available for PAN-OS standard log format available here: <BR /></STRONG></P> <P><A title="LEEF Log Format To Standard Log Format Extension | LIVEcommunity" href="https://live.paloaltonetworks.com/t5/App-for-QRadar-Articles/LEEF-Log-Format-to-Standard-Log-Format-Extension/ta-p/145391" target="_self">https://live.paloaltonetworks.com/t5/App-for-QRadar-Articles/LEEF-Log-Format-to-Standard-Log-Format-Extension/ta-p/145391</A></P> <P>&nbsp;</P> <P>No further configuration is needed. Logs sent from the Palo Alto Networks firewall in the default syslog format are automatically identified by QRadar and the app.</P> <P>&nbsp;</P> <P>&nbsp;</P> <H2>Demo Video</H2> <P><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FB4ZKSPEjxHo%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DB4ZKSPEjxHo&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FB4ZKSPEjxHo%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="200" height="112" scrolling="no" title="Demo: Palo Alto Networks App for QRadar" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></P> <P>&nbsp;</P> <H3><STRONG>Support</STRONG></H3> <P>&nbsp;</P> <P><STRONG>IBM QRadar</STRONG></P> <P>See Getting Support for IBM Security QRadar products in the IBM Support site<BR /><A title="QRadar: Links &amp; Important Support Resources " href="http://www-01.ibm.com/support/docview.wss?uid=swg21616144" target="_blank" rel="noopener">http://www-01.ibm.com/support/docview.wss?uid=swg21616144</A>.</P> <P>&nbsp;</P> <P><STRONG>Palo Alto Networks firewall support<BR /></STRONG></P> <P>Open a ticket with Palo Alto Networks TAC at:</P> <P><STRONG><A title="Opening a Case With Customer Support | Knowledgebase " href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0" target="_blank" rel="noopener">Opening a Case with Customer Support</A></STRONG></P> <P>&nbsp;</P> Mon, 26 Aug 2019 19:50:40 GMT btorresgil 2019-08-26T19:50:40Z https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/ta-p/118455 <P>Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improves security.</P> Mon, 26 Aug 2019 19:50:40 GMT https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/ta-p/118455 btorresgil 2019-08-26T19:50:40Z https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/173465#M6 <P>The 3rd url in the installation steps in moved, can that be made available.</P> Mon, 28 Aug 2017 17:15:29 GMT https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/173465#M6 mhaaris17 2017-08-28T17:15:29Z https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/173467#M7 <P>Thanks I have updated the URL.&nbsp;</P> Mon, 28 Aug 2017 17:33:12 GMT https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/173467#M7 panguyen 2017-08-28T17:33:12Z https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/506912#M25 <P>Hi, It seems like the current app is deprecated because of old O/S . Is there any plan to publish new app ? Thanks</P> Wed, 29 Jun 2022 01:34:48 GMT https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/506912#M25 sakapur 2022-06-29T01:34:48Z https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/558842#M26 <P>We use Qradar as our SIEM and need to know if there are plans to update this app to work with newer versions of QRadar anytime soon?</P> Wed, 20 Sep 2023 16:41:56 GMT https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/tac-p/558842#M26 Matt-Mercer 2023-09-20T16:41:56Z