Palo Alto Networks Application for QRadar

Overview

Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improve security. The Palo Alto Networks app for QRadar lets the security operations team reduce, prioritize, and correlate Palo Alto Networks events using the QRadar dashboard, and leverage automatically created offenses and offense workflows, enabling rapid response to the most critical threats from a single dashboard.

 

System Requirements:

  • IBM QRadar version 7.2.8 or higher
  • Palo Alto Networks PAN-OS 7.0 or higher

 

Installation Steps:

  1.  Download the Palo Alto Networks app for QRadar from the IBM App Exchange: 
    https://exchange.xforce.ibmcloud.com/hub/extension/Palo%20Alto%20Networks:Palo%20Alto%20Networks%20A...
  2. Upload and install the app on IBM QRadar using the following documentation from IBM: 
    https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.apps.doc/t_Qapps_upload.html
  3. Configure the Palo Alto Networks firewall to send syslogs to IBM QRadar: 
    https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/t_dsm_guide_palo_alto_syslog_dest.html?cp=...

 

LEEF log format is the recommended setup. However, if your company cannot use the LEEF logging standard for QRadar, we have an extension for the PAN-OS standard log format available here:

https://live.paloaltonetworks.com/t5/App-for-QRadar-Articles/LEEF-Log-Format-to-Standard-Log-Format-...

 

No further configuration is needed. Logs sent from the Palo Alto Networks firewall in the default syslog format are automatically identified by QRadar and the app.

 

 


Support

 

IBM QRadar

See "Getting Support for IBM Security QRadar products" on the IBM Support site:
http://www-01.ibm.com/support/docview.wss?uid=swg21616144

 

Palo Alto Networks firewall support

Open a ticket with Palo Alto Networks TAC at:

Opening a Case with Customer Support

 

Comments
L0 Member

The 3rd URL in the installation steps is moved; can that be made available?

L2 Linker

Thanks, I have updated the URL.

Last update: 08-26-2019 12:50 PM