Currently there is a project to upgrade all of our Palo Altos to the 8.x.x platform.
What MM version is support currently recommending for PAN-OS 8.x.x?
We also need to consider Active Directory integration as an option within the upgraded design. How can we achieve this?
I am not working for PAN, so I can't vouch for the recommendation, but at our company we have been using MineMeld successfully since summer 2017, and we are just now starting to use MineMeld together with other software stacks, like a SIEM and Graylog.
We were looking into this article:
And thought of using Graylog for the receiving end, as this was a system we already use internally, nothing more special than that :)
Though I am having some issues getting it to work, as there are no correlations being sent out, so I haven't looked more into it over the last couple of months.
Very interesting @borising!
I actually wound up doing something very similar to this by using MM and Splunk Free. MM sends Logstash info to Splunk, and the NGFW sends syslog to Splunk. Works pretty well! Here are the MM apps for Splunk:
And for the NGFW syslog parsing, the PAN plugins for Splunk work perfectly.
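The correlation this setup relies on (indicators from MM on one side, NGFW traffic logs on the other) can be sketched in a few lines. This is an added example, not code from the thread or from MineMeld or Splunk; the indicator field names, the simplified TRAFFIC log layout and all sample records are constructed assumptions for illustration.

```python
import ipaddress
import json

# Constructed MineMeld-style indicator records in JSON-lines form, roughly what
# a logstash output would carry (field names are assumed for this example).
INDICATORS_JSON = """
{"indicator": "198.51.100.23", "type": "IPv4", "confidence": 90, "sources": ["feed_a"]}
{"indicator": "203.0.113.0/24", "type": "IPv4", "confidence": 60, "sources": ["feed_b"]}
{"indicator": "bad.example", "type": "domain", "confidence": 80, "sources": ["feed_a"]}
"""

# Constructed, simplified PAN-OS-style TRAFFIC syslog lines: only the type
# (field 3), source (field 5) and destination (field 6) columns are used here.
SYSLOG_LINES = """
Nov  1 10:00:01 fw01 1,2020/11/01 10:00:01,0001,TRAFFIC,end,10.1.1.5,198.51.100.23,0.0.0.0,allow-out
Nov  1 10:00:02 fw01 1,2020/11/01 10:00:02,0001,TRAFFIC,end,10.1.1.8,192.0.2.9,0.0.0.0,allow-out
Nov  1 10:00:03 fw01 1,2020/11/01 10:00:03,0001,TRAFFIC,end,10.1.1.9,203.0.113.77,0.0.0.0,allow-out
"""


def load_ip_indicators(feed: str):
    """Parse JSON-lines indicators; keep IPv4 hosts and CIDR ranges only."""
    nets = []
    for line in feed.strip().splitlines():
        rec = json.loads(line)
        if rec.get("type") != "IPv4":
            continue  # domains/URLs would need a different match key
        nets.append((ipaddress.ip_network(rec["indicator"], strict=False), rec))
    return nets


def parse_traffic(line: str):
    """Return (src, dst) from a simplified TRAFFIC record, or None for other types."""
    fields = line.split(",")
    if len(fields) < 7 or fields[3] != "TRAFFIC":
        return None
    return fields[5], fields[6]


def correlate(syslog: str, feed: str, min_confidence: int = 50):
    """Flag flows whose destination falls inside an indicator at or above min_confidence."""
    nets = load_ip_indicators(feed)
    hits = []
    for line in syslog.strip().splitlines():
        parsed = parse_traffic(line)
        if parsed is None:
            continue
        src, dst = parsed
        dst_ip = ipaddress.ip_address(dst)
        for net, rec in nets:
            if dst_ip in net and rec["confidence"] >= min_confidence:
                hits.append({"src": src, "dst": dst, "indicator": rec["indicator"],
                             "confidence": rec["confidence"], "sources": rec["sources"]})
    return hits
```

Raising `min_confidence` is the knob that trades alert volume for precision, which is usually the first tuning step once the two feeds land in the same SIEM.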
That's perfect! I was just looking at the same setup for my home lab, will try it out! Thank you for joining in with your valuable feedback, much appreciated!