Log Forwarding Articles
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Featured Article
For this example, I am using HTTP log forwarding along with IFTTT to get a push notification on my iPhone every time there is a Critical Threat event.   Step 1 Install IFTTT and sign up for an account on your desktop at ifttt.com Once you are logged in through your browser, go to https://ifttt.com/maker and connect Maker to your account.  Next, click on the settings icon, and follow the link to your Maker URL Take note of the example URL, as it contains your API key.   Step 2 Create a new IFTTT applet   Click on the My Applets menu item, then click the New Applet button.  The first half of the applet is If This – click on “+this” and search for the Maker service.  Under the Maker service, select the Web Request Trigger and configure it as shown below   Complete your applet by setting the action to a Notification Step 3   Configure the firewall log forwarding settings   Create a new HTTP log server profile.  Add a new server, setting the Address to maker.ifttt.com.  Configure the server to use either HTTP or HTTPS, and set the HTTP Method to POST.  Under Payload Format, edit the Threat format as shown below     The URL format should be set to: trigger/Critical_Threat/with/key/<<YOUR KEY HERE>>   Note – this is from the URL you got from the Maker service settings in step 1.   Set the Payload to: value1="$device_name"&value2="$threatid"&value3="$receive_time"   Then send a Test log – your IFTTT app should notify you at this point.       Step 4 Configure a log profile for critical threats to use the push service   Create a new log forwarding profile, or edit your existing one to forward Threat logs with the Filter set to (severity eq critical), then add your new HTTP server under forwarding method.  Apply this log forwarding profile to any security policies with Threat Prevention to trigger push notifications automatically.     Created by Darren Rogers.
View full article
  • 8 Posts
  • 223 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors