cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

Free visualisation (NOC screenboards) for PANW firewall performance/monitoring using Elastic Stack

L2 Linker

I was looking for ways to provide 'at-a-glance' visualisation of PANW firewall health, including traffic, threat, system & config logs. The stock capabilities, including ACC, are decent but somewhat lacking in providing NOC-style dashboards.

 

Inspired by other visualisation solutions I've seen around, such as the Splunk App & Graylog dashboards, I spent the last 48 hours tinkering with ElasticStack 6.1 and came up with a series of 9 dashboards (and 66 visualisations) that can be derived from PANW Firewall syslogs.

 

Dashboard examples here;

There's another 4 dashboards too (Config, Threat [Warning+], URL & Blocked URLs)

 

The process of spinning up a Linux/Windows VM & installing Elastic Stack is pretty painless. Once done, dropping in the files required to create a syslog instance, ingest the syslogs and output the visualisations/dashboard is quite easy

 

I've put all the relevant information, including a full tutorial on installing Elastic Stack, up on GitHub: https://github.com/sm-biz/paloalto-elasticstack-viz

 

If anyone's interested, have a look and provide feedback. Any other types of dashboards that would be useful?

(Note: Wildfire dashboard is still-to-come, I need to generate some sample data)

Who rated this post