App for QRadar Articles

Panels are not showing any data

1. Check that logs are being forwarded properly

Confirm you are receiving the LEEF log format in QRadar: navigate to the "Log Activity" tab of QRadar and create an advanced search:

    SELECT UTF8(payload) FROM events WHERE devicetype=206

No results: Check the log forwarding configuration on the Firewall/Panorama. Refer to the getting started guide on how to set up log forwarding from the Firewall/Panorama.

Results: Double-check that the log contains the word LEEF in the payload. If LEEF does not exist in the payload, then you have set up log forwarding with the standard log format. By default QRadar expects logs to be in LEEF format. Refer to the getting started guide on how to send logs in LEEF format.

LEEF Log Forwarding Guide NOTE: Make sure you are using LEEF format for PAN-OS v7.0-v8.0+

If LEEF exists in the payload, then there may be an issue with the custom properties.

2. Check that custom properties are correct

Confirm each field is being parsed by running this search in the "Log Activity" tab of QRadar:

    SELECT "PANW-type", "PANW-subtype", "PANW-category", "PANW-filename", "PANW-threatid", "PANW-vendor-action" FROM events WHERE "PANW-type"='THREAT'

The columns returned should have values in them. If you are receiving "NA" in the columns, then there is an issue with the parser.

Navigate to the admin panel, click on "Extensions" and confirm that the "Palo Alto Networks LEEF to Standard log" extension is NOT installed. This extension is only required if logs are being sent in the standard log format. That format is not recommended by QRadar; the recommended log format is LEEF.

LEEF to standard log extension was installed: Uninstall both the App and the extension. Then reinstall only the Palo Alto Networks QRadar App.

LEEF logs are being sent but still receiving "NA" in the columns: You may have set up the older LEEF log format on the Firewall/Panorama. In this case please review the LEEF Log Forwarding Guide and make sure you are using the PAN-OS v7.0 - v8.0+ format in the log forwarding profile.

For further support please contact qradar@paloaltonetworks.com
panguyen ‎01-19-2019 09:12 AM
Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improve security.
btorresgil ‎01-02-2019 02:40 PM
As of Palo Alto Networks App for QRadar version 1.1.0, we have switched exclusively to LEEF log format support. Below are the details on how to install our standard log extension. This will overwrite the custom properties to use the standard log format.

1. Download the extension attached.
2. In the QRadar console, navigate to the "Admin" tab.
3. Click on "Extensions".
4. Install the extension provided. You will need to confirm that you want to overwrite the current extensions.

If you uninstall and re-install the Palo Alto Networks App for QRadar, please be sure to uninstall this extension as well and re-install it if needed.

Note: Uninstalling this extension will not restore the LEEF format custom event properties. You will have to reinstall the app to get the LEEF format to work.
panguyen ‎03-07-2017 08:10 AM