https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/196155#M58471 <P>I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system &amp; config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.</P><P>&nbsp;</P><P>Inspired by other visualisation solutions I've seen around, such as the Splunk App &amp; Graylog dashboards, I spent the last 48 hours tinkering with ElasticStack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.</P><P>&nbsp;</P><P>Dashboard examples here;</P><UL><LI><P>Overview:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/xxl0XCf" target="_blank">https://imgur.com/xxl0XCf</A></P></LI><LI><P>Traffic:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/xuxsmno" target="_blank">https://imgur.com/xuxsmno</A></P></LI><LI><P>Applications:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/x7vdEwn" target="_blank">https://imgur.com/x7vdEwn</A></P></LI><LI><P>Threats:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/obE4dIb" target="_blank">https://imgur.com/obE4dIb</A></P></LI><LI><P>System:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/O3A4p3n" target="_blank">https://imgur.com/O3A4p3n</A></P></LI></UL><P>There's another 4 dashboards too (Config, Threat [Warning+], URL &amp; Blocked URLs)</P><P>&nbsp;</P><P>The process of spinning up a Linux/Windows VM &amp; installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboard is quite easy</P><P>&nbsp;</P><P>I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub:<SPAN>&nbsp;</SPAN><A href="https://github.com/sm-biz/paloalto-elasticstack-viz" target="_blank">https://github.com/sm-biz/paloalto-elasticstack-viz</A></P><P>&nbsp;</P><P>If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?</P><P>(Note: Wildfire dashboard is still-to-come, I need to generate some sample data)</P> Mon, 22 Jan 2018 09:49:38 GMT Retired Member 2018-01-22T09:49:38Z https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/196155#M58471 <P>I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system &amp; config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.</P><P>&nbsp;</P><P>Inspired by other visualisation solutions I've seen around, such as the Splunk App &amp; Graylog dashboards, I spent the last 48 hours tinkering with ElasticStack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.</P><P>&nbsp;</P><P>Dashboard examples here;</P><UL><LI><P>Overview:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/xxl0XCf" target="_blank">https://imgur.com/xxl0XCf</A></P></LI><LI><P>Traffic:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/xuxsmno" target="_blank">https://imgur.com/xuxsmno</A></P></LI><LI><P>Applications:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/x7vdEwn" target="_blank">https://imgur.com/x7vdEwn</A></P></LI><LI><P>Threats:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/obE4dIb" target="_blank">https://imgur.com/obE4dIb</A></P></LI><LI><P>System:<SPAN>&nbsp;</SPAN><A href="https://imgur.com/O3A4p3n" target="_blank">https://imgur.com/O3A4p3n</A></P></LI></UL><P>There's another 4 dashboards too (Config, Threat [Warning+], URL &amp; Blocked URLs)</P><P>&nbsp;</P><P>The process of spinning up a Linux/Windows VM &amp; installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboard is quite easy</P><P>&nbsp;</P><P>I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub:<SPAN>&nbsp;</SPAN><A href="https://github.com/sm-biz/paloalto-elasticstack-viz" target="_blank">https://github.com/sm-biz/paloalto-elasticstack-viz</A></P><P>&nbsp;</P><P>If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?</P><P>(Note: Wildfire dashboard is still-to-come, I need to generate some sample data)</P> Mon, 22 Jan 2018 09:49:38 GMT https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/196155#M58471 Retired Member 2018-01-22T09:49:38Z https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/288844#M76886 <P>Can you please post any video tutorial for this ELK + palo alto log monitoring.</P> Tue, 17 Sep 2019 18:18:17 GMT https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/288844#M76886 Chander 2019-09-17T18:18:17Z https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/289010#M76915 <P>Awesome. Thanks. Took me about a day to get this up and running on Ubuntu 18. The installation of Java 8 has changed, the PPA repo is no longer a viable solution, had to install it manually. The only other thing that tripped me up was the sysylog port, it was 5514 instead of the usual 514. Once I changed that on the syslog forward in the PA, everything started flowing ing in.</P> Wed, 18 Sep 2019 20:54:56 GMT https://live.paloaltonetworks.com/t5/general-topics/free-visualisation-noc-screenboards-for-panw-firewall/m-p/289010#M76915 VincentPresogna 2019-09-18T20:54:56Z