Palo Alto OID alerts using AIOPs or Splunk


L1 Bithead

Hi All, 

We recently had an issue where we saw the URL-Categories were unresolved and allowed users to access the blocked site. After investigation we identified that it's a known issue with Palo versions lower than 10.1.9, where the firewall will intermittently lose connectivity to PAN DB cloud. I am exploring various tools to set up alerting when this happens; one of the options I have currently started to explore is

1- AIOPs free version, but I am unable to find much detail on whether we can monitor an OID when PAN DB loses its connectivity. The particular OID that I found in the Palo supported MIB list is "1.3.6.1.4.1.25461.2.1.3.2.0.2015". Does anyone know if this feature is currently available in AIOPs premium version?

 

panURLUrlCloudConnectionFailureTrap "Failed to connect the cloud."
panURLUrlCloudConnectionSuccessTrap " Connects to the cloud successfully."

 

2- Is it possible to monitor an OID using Splunk? Is there a specific setting that we need to enable to send logs from the firewall to Splunk?

 

Thank you in advance

Cyber Elite

Hello,

Not sure about OID and Splunk. However, there is a log that is generated if the cloud connection fails, and perhaps a Splunk alarm could be created? They are in the 'System' logs.

 

( eventid eq url-cloud-connection-failure )

 


 

Hope this helps!

 

Regards,

  • 965 Views
  • 1 replies
  • 0 Likes
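
Added example, not part of the original posts and not Palo Alto or Splunk code: the alert logic suggested in the reply, in Python, pairing each `url-cloud-connection-failure` system log event with a later recovery event per firewall so that still-open outages stand out. The column positions, the recovery event ID `url-cloud-connection-success`, and the sample lines are assumptions or constructed; adjust them to the log format your firewall actually forwards.

```python
import csv
from datetime import datetime

FAILURE_EVENT = "url-cloud-connection-failure"  # event ID quoted in the reply above
SUCCESS_EVENT = "url-cloud-connection-success"  # assumed recovery event ID (not on the page)
# Assumed column positions in the comma-separated system log (syslog header stripped).
TIME_COL, SERIAL_COL, TYPE_COL, EVENT_COL = 1, 2, 3, 8

# Constructed sample lines: serials, times and descriptions are made up.
SAMPLE_LINES = [
    '1,2024/06/04 10:00:05,FW-A,SYSTEM,url-filtering,0,2024/06/04 10:00:05,,url-cloud-connection-failure,,0,0,general,high,"constructed"',
    '1,2024/06/04 10:01:05,FW-A,SYSTEM,url-filtering,0,2024/06/04 10:01:05,,url-cloud-connection-failure,,0,0,general,high,"constructed"',
    '1,2024/06/04 10:02:00,FW-B,SYSTEM,url-filtering,0,2024/06/04 10:02:00,,url-cloud-connection-failure,,0,0,general,high,"constructed"',
    '1,2024/06/04 10:03:00,FW-A,SYSTEM,general,0,2024/06/04 10:03:00,,constructed-other-event,,0,0,general,low,"constructed"',
    'truncated,line',
    '1,2024/06/04 10:07:05,FW-A,SYSTEM,url-filtering,0,2024/06/04 10:07:05,,url-cloud-connection-success,,0,0,general,low,"constructed"',
]

def find_outages(lines, min_seconds=0):
    """Return (serial, start, end, seconds) per outage; end is None while still down."""
    down_since, outages = {}, []
    for row in csv.reader(lines):
        if len(row) <= EVENT_COL or row[TYPE_COL] != "SYSTEM":
            continue  # skip truncated lines and non-system log types
        serial, event = row[SERIAL_COL], row[EVENT_COL]
        if event not in (FAILURE_EVENT, SUCCESS_EVENT):
            continue
        ts = datetime.strptime(row[TIME_COL], "%Y/%m/%d %H:%M:%S")
        if event == FAILURE_EVENT:
            down_since.setdefault(serial, ts)  # repeated failures keep the first time
        elif serial in down_since:
            start = down_since.pop(serial)
            seconds = int((ts - start).total_seconds())
            if seconds >= min_seconds:
                outages.append((serial, start, ts, seconds))
    # No recovery event seen yet: URL categories may still be unresolved here.
    outages += [(s, start, None, None) for s, start in sorted(down_since.items())]
    return outages

if __name__ == "__main__":
    for outage in find_outages(SAMPLE_LINES):
        print(outage)
```

Open outages are always returned regardless of `min_seconds`, since a firewall that has not logged a recovery is the case to alert on first.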