Palo Alto Networks Application for QRadar


Overview

Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improve security. The Palo Alto Networks app for QRadar lets the security operations team reduce, prioritize, and correlate Palo Alto Networks events using the QRadar dashboard, and leverage the offenses and offense workflows that are created automatically, enabling rapid response to the most critical threats from a single dashboard.

 

System Requirements:

  • IBM QRadar version 7.2.8 or higher
  • Palo Alto Networks PAN-OS 7.0 or higher

 

Installation Steps:

  1.  Download the Palo Alto Networks app for QRadar from the IBM App Exchange: 
    https://exchange.xforce.ibmcloud.com/hub/extension/Palo%20Alto%20Networks:Palo%20Alto%20Networks%20A...
  2. Upload and install the app on IBM QRadar using the following documentation from IBM: 
    https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.3.1/com.ibm.apps.doc/t_Qapps_upload.html
  3. Configure the Palo Alto Networks firewall to send syslogs to IBM QRadar: 
    https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/t_dsm_guide_palo_alto_syslog_dest.html?cp=...

 

LEEF log format is the recommended setup. However, if your company cannot use the LEEF logging standard for QRadar, an extension for the PAN-OS standard log format is available here:

https://live.paloaltonetworks.com/t5/App-for-QRadar-Articles/LEEF-Log-Format-to-Standard-Log-Format-...

 

No further configuration is needed. Logs sent from the Palo Alto Networks firewall in the default syslog format are automatically identified by QRadar and the app.
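To confirm which format the firewall is actually sending before relying on the app's dashboards, the following added example (not part of the original article or of the app) detects LEEF 1.0/2.0 events in raw syslog lines and parses their header and attributes. The sample lines, including the vendor and product strings, are constructed for illustration.

```python
import re

LEEF_PREFIX = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})$")

def parse_leef(line):
    """Parse one syslog line; return header and attributes, or None if not LEEF."""
    m = LEEF_PREFIX.search(line)  # tolerate a syslog header before "LEEF:"
    if not m:
        return None
    parts = line[m.end():].rstrip("\r\n").split("|", 4)
    if len(parts) < 5:
        return None  # truncated header
    vendor, product, product_version, event_id, rest = parts
    delim = "\t"  # LEEF 1.0 attributes are tab-separated
    if m.group(1) == "2.0" and "|" in rest:
        # LEEF 2.0 may carry a delimiter field: one character, or x/0x plus hex digits
        cand, tail = rest.split("|", 1)
        hx = HEX_DELIM.match(cand)
        if hx:
            delim, rest = chr(int(hx.group(1), 16)), tail
        elif len(cand) == 1:
            delim, rest = cand, tail
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    return {"leef_version": m.group(1), "vendor": vendor, "product": product,
            "product_version": product_version, "event_id": event_id, "attrs": attrs}

def summarize(lines):
    """Count how many lines are LEEF and how many are some other format."""
    counts = {"leef": 0, "other": 0}
    for line in lines:
        counts["leef" if parse_leef(line) else "other"] += 1
    return counts

# Constructed sample lines; every value here is illustrative, not captured traffic.
SAMPLE = [
    "<14>Aug 26 12:50:01 fw01 LEEF:1.0|Palo Alto Networks|PAN-OS Syslog Integration|8.1.0|allow|src=10.0.0.5\tdst=192.0.2.10\tproto=tcp",
    "<14>Aug 26 12:50:02 fw01 LEEF:2.0|Palo Alto Networks|PAN-OS Syslog Integration|8.1.0|deny|^|src=10.0.0.6^dst=192.0.2.11",
    "<14>Aug 26 12:50:03 fw01 1,2019/08/26 12:50:03,001234567890,TRAFFIC,end",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high "other" count on a log source that was meant to use LEEF points to a missing or misapplied custom log format on the firewall's syslog server profile.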

 

 


Support

 

IBM QRadar

See Getting Support for IBM Security QRadar products in the IBM Support site
http://www-01.ibm.com/support/docview.wss?uid=swg21616144.

 

Palo Alto Networks firewall support

Open a ticket with Palo Alto Networks TAC at:

Opening a Case with Customer Support

 

Comments
L0 Member

The 3rd URL in the installation steps is moved, can that be made available?

L2 Linker

Thanks, I have updated the URL.

L0 Member

Hi, it seems like the current app is deprecated because of old O/S. Is there any plan to publish a new app? Thanks

L0 Member

We use QRadar as our SIEM and need to know if there are plans to update this app to work with newer versions of QRadar anytime soon?

Last Updated: 08-26-2019 12:50 PM
Updated by: Retired Member