This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

LEEF Log Format to Standard Log Format Extension

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

LEEF Log Format to Standard Log Format Extension

panguyen
L2 Linker

on ‎03-07-2017 08:10 AM - edited on ‎08-26-2019 12:44 PM by Retired Member

100% helpful (1/1)

 As of Palo Alto Networks App for QRadar version 1.1.0, we have exclusively switched to LEEF log format support. Below are the details on how to install our standard log extension. This will overwrite the custom properties to use standard log format. 

 

  1. Download extension attached.
  2. In the QRadar console navigate to the "Admin" tab
  3. Click on "Extensions"
  4. Install the extension provided
  5. You will need to confirm that you want to overwrite the current extensions

If you re uninstall and re-install the Palo Alto Networks App for QRadar please be sure to uninstall this extension as well and re-install if needed.

 

Note: Uninstalling this extension will not restore LEEF format custom event properties. You will have to reinstall the app to get LEEF format to work.

 

 

Labels:
PaloAltoNetworksForQRadar_STD_CustomProperties.1.0.zip
Rate this article:
Comments
feaquilino
L0 Member
‎09-19-2017 01:28 PM

Hello,

 

We are using this extension to keep logs sent in standard format, because we send logs simultaneously to QRadar and to a syslog archive. Box is running 7.1.7.

 

There's a problem with Config logs. Messages are being sent with "Configuration Path", but fields "Before Change" and "After Change" are missing.

lparana
L0 Member
‎05-02-2018 01:02 PM

Hi everybody

 

I installed App Palo Alto Networks for Qradar 1.1.1 and Palo Alto Networks Std Log Format for QRadar 1.0 in Qradar 7.3.1, but the app not display any information.

 

In contact with IBM Support they sayd:

 

"I see that the installation was successful however you still do not see any data. This is a matter that is supported by Palo Alto since we only take care of the installation.

Unfortunately, you will need to contact the vendor "Palo Alto" for any setup or configuration issues at their end."

 

Somebody can help-me about this problem?

samatar
L0 Member
‎10-25-2018 04:21 AM

Hi everybody

 

Facing similar issue. We installed App Palo Alto apps for Qradar 1.2.0 successfully. But, the dashboard for the app is not displaying any information.  All Zeros

 

Somebody can help us about this problem?

yzamora1
L0 Member
‎11-05-2018 11:27 AM

did anyone get a response or resolution to the Palo Alto app not showing any data? 

 

 

hshawn
L4 Transporter
‎06-03-2019 09:42 AM

I have never actually seen this app working. Right now with the latest version of the app (1.2.0) and the standard log formatting app all we can see is the "Network Incidents", everything else is Error: Request failed with status code 422 

Graeme_Riddell
L2 Linker
‎05-12-2020 12:27 PM

We are having the same issue as well no data shown in app which is really disappointing.

barbosaa123474
L0 Member
‎10-13-2021 07:58 AM

Hello,

We have "Palo Alto Networks App for QRadar" installed on a QRadar.
But we are having problems checking events on log activity.

We can check the corresponding logs if we click on the graphs.

However, if we try to check an incident the log activity comes empty.
We've found the problem is reproduced because of an error in the AQL query that is generated by the app. The error is "username='null'". If we remove that "username='null'" or modify it by "username=null" the issue is fixed, but we need to do this manually every time we check an incident on the app and this is not the right way to use this app.

 

Do you know some way to fix this?

 

Thanks 🙂

  • 36785 Views
  • 7 comments
  • 1 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎08-26-2019 12:44 PM
Updated by:
Retired Member
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks