01-22-2018 01:49 AM
I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system & config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.
Inspired by other visualisation solutions I've seen around, such as the Splunk App & Graylog dashboards, I spent the last 48 hours tinkering with Elastic Stack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.
Dashboard examples here:
Overview: https://imgur.com/xxl0XCf
Traffic: https://imgur.com/xuxsmno
Applications: https://imgur.com/x7vdEwn
Threats: https://imgur.com/obE4dIb
System: https://imgur.com/O3A4p3n
There are another 4 dashboards too (Config, Threat [Warning+], URL & Blocked URLs).
The process of spinning up a Linux/Windows VM & installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboards is quite easy.
I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub: https://github.com/sm-biz/paloalto-elasticstack-viz
If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?
(Note: WildFire dashboard is still to come, I need to generate some sample data.)
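The ingest step the post describes (syslog in, per-field visualisations out) hinges on splitting the PAN-OS CSV payload into named fields correctly. The example below is an added illustration, not code from the post or from the linked GitHub repository: it strips the syslog header, parses TRAFFIC and THREAT lines with a CSV reader (the quoted URL field can contain commas, so a naive comma split shifts every later field), and rolls the records up into the counters a dashboard would plot. Field positions are assumed to follow the PAN-OS 8.0 syslog field reference as I recall it and should be checked against your version; the sample log lines are constructed.

```python
"""Parse PAN-OS TRAFFIC/THREAT syslog lines and roll them up into the
counters a NOC dashboard plots. Added example, not code from the post or
the linked repository; the sample lines below are constructed."""
import csv
import re
from collections import Counter

# The CSV payload begins with FUTURE_USE and the receive time, e.g.
# "1,2018/01/22 01:49:00,". Everything before it is the syslog header
# (PRI, timestamp, hostname), which relays may rewrite, so locate the
# payload instead of assuming a fixed header shape.
PAYLOAD_START = re.compile(r"\d+,\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2},")

# 0-based CSV positions. ASSUMPTION: these follow the PAN-OS 8.0 syslog
# field reference as I recall it; verify them against the reference for
# the PAN-OS version that produces your logs.
COMMON = {1: "receive_time", 2: "serial", 3: "type", 4: "subtype",
          7: "src_ip", 8: "dst_ip", 11: "rule", 12: "src_user", 14: "app",
          16: "src_zone", 17: "dst_zone", 22: "session_id", 24: "src_port",
          25: "dst_port", 29: "protocol", 30: "action"}
TRAFFIC = {31: "bytes", 32: "bytes_sent", 33: "bytes_received",
           34: "packets", 36: "elapsed", 37: "category"}
THREAT = {31: "misc", 32: "threat_id", 33: "category", 34: "severity",
          35: "direction"}
INT_FIELDS = {"session_id", "src_port", "dst_port", "bytes", "bytes_sent",
              "bytes_received", "packets", "elapsed"}
THREAT_ID = re.compile(r"^(.*)\((\d+)\)$")   # e.g. "Some Signature(12345)"


def parse_pan_syslog(line):
    """Return named fields for one PAN-OS log line, or None if it is not one."""
    m = PAYLOAD_START.search(line)
    if not m:
        return None
    # csv honours the double-quoted URL/filename field, which can itself
    # contain commas; a plain str.split(",") would shift every later field.
    fields = next(csv.reader([line[m.start():]]))
    if len(fields) <= 30:
        return None
    layout = dict(COMMON)
    layout.update({"TRAFFIC": TRAFFIC, "THREAT": THREAT}.get(fields[3], {}))
    rec = {}
    for idx, name in layout.items():
        value = fields[idx] if idx < len(fields) else ""
        if name in INT_FIELDS:
            value = int(value) if value.isdigit() else 0
        rec[name] = value
    if rec["type"] == "THREAT":
        # Split "Name(id)" so dashboards can group by numeric threat ID.
        tm = THREAT_ID.match(rec["threat_id"])
        if tm:
            rec["threat_name"], rec["threat_id"] = tm.group(1), int(tm.group(2))
    return rec


def summarise(lines):
    """Roll parsed logs up into the aggregates a dashboard would plot."""
    stats = {"bytes_by_app": Counter(), "sessions_by_action": Counter(),
             "threats_by_severity": Counter(), "blocked_urls": [],
             "unparsed": 0}
    for line in lines:
        rec = parse_pan_syslog(line)
        if rec is None:
            stats["unparsed"] += 1
            continue
        if rec["type"] == "TRAFFIC":
            stats["bytes_by_app"][rec["app"]] += rec["bytes"]
            stats["sessions_by_action"][rec["action"]] += 1
        elif rec["type"] == "THREAT":
            stats["threats_by_severity"][rec["severity"]] += 1
            if rec["subtype"] == "url" and rec["action"].startswith("block"):
                stats["blocked_urls"].append(rec["misc"])
    return stats


# Constructed sample input (RFC 5737 addresses, made-up serial and IDs).
SAMPLE_LINES = [
    r'<14>Jan 22 01:49:00 PA-VM 1,2018/01/22 01:49:00,007200001234,TRAFFIC,end,1,2018/01/22 01:48:59,192.0.2.10,198.51.100.25,203.0.113.5,198.51.100.25,Allow-Web,corp\alice,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,Forward-Logs,1,12345,1,51234,443,29001,443,0x400053,tcp,allow,6120,2048,4072,24,2018/01/22 01:48:40,19,computer-and-internet-info,0,9876543,0x0,United States,United States,0,12,12,tcp-fin',
    r'<14>Jan 22 01:49:01 PA-VM 1,2018/01/22 01:49:01,007200001234,THREAT,vulnerability,1,2018/01/22 01:49:00,203.0.113.77,192.0.2.20,0.0.0.0,0.0.0.0,Inbound-Web,,,web-browsing,vsys1,untrust,dmz,ethernet1/1,ethernet1/3,Forward-Logs,1,22222,1,40001,80,0,0,0x80004000,tcp,reset-both,"www.example.test/index.php?id=1,2 UNION SELECT",Constructed SQLi Signature(99999),any,high,client-to-server,9876544,0x0,United States,192.0.2.0-192.0.2.255',
    r'<14>Jan 22 01:49:02 PA-VM 1,2018/01/22 01:49:02,007200001234,THREAT,url,1,2018/01/22 01:49:01,192.0.2.11,198.51.100.40,203.0.113.5,198.51.100.40,Allow-Web,corp\bob,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,Forward-Logs,1,33333,1,52000,80,29002,80,0x400000,tcp,block-url,"malware.example.test/",(9999),malware,informational,client-to-server,9876545,0x0,United States,United States',
    r'<14>Jan 22 01:49:03 PA-VM 1,2018/01/22 01:49:03,007200001234,TRAFFIC,deny,1,2018/01/22 01:49:03,203.0.113.90,192.0.2.20,0.0.0.0,0.0.0.0,Deny-All,,,unknown-tcp,vsys1,untrust,dmz,ethernet1/1,ethernet1/3,Forward-Logs,1,44444,1,55555,23,0,0,0x0,tcp,deny,60,60,0,1,2018/01/22 01:49:03,0,any,0,9876546,0x0,United States,192.0.2.0-192.0.2.255,0,1,0,policy-deny',
    '<13>Jan 22 01:49:04 PA-VM kernel: constructed non-PAN line, should be skipped',
]

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LINES).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The same record shape is what a Logstash csv filter or an Elasticsearch ingest pipeline would emit; the point the dashboards depend on is that `bytes`, ports and the session ID arrive as integers (so they can be summed and ranged) and that the URL field survives embedded commas intact.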