I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system & config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.
Inspired by other visualisation solutions I've seen around, such as the Splunk App & Graylog dashboards, I spent the last 48 hours tinkering with ElasticStack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.
Dashboard examples here:
There are another 4 dashboards too (Config, Threat [Warning+], URL & Blocked URLs).
The process of spinning up a Linux/Windows VM & installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboards is quite easy.
I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub: https://github.com/sm-biz/paloalto-elasticstack-viz
If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?
(Note: Wildfire dashboard is still-to-come, I need to generate some sample data)
Awesome. Thanks. Took me about a day to get this up and running on Ubuntu 18. The installation of Java 8 has changed; the PPA repo is no longer a viable solution, so I had to install it manually. The only other thing that tripped me up was the syslog port: it was 5514 instead of the usual 514. Once I changed that on the syslog forward in the PA, everything started flowing in.