Palo Alto Prisma Access (syslog)

Configure Palo Alto Prisma Access to forward syslog to Radiant Security.

Overview

Palo Alto Networks Prisma Access is a cloud-delivered security platform designed to provide secure access to applications and data for remote and mobile users. This guide will walk you through the steps needed to configure Prisma Access to forward logs to Radiant Security via syslog TLS.

To complete this configuration, work through the following sections:

Prerequisites

  • Access to the Palo Alto Networks Hub
  • You must have at least one of the following licenses to use Strata Cloud Manager: Prisma Access, AIOps for NGFW Premium, Prisma SD-WAN

Add the data connector in Radiant Security

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Palo Alto Prisma Access option and then click Data Feeds.
4.   Select the Palo Alto Prisma Access data feed and then click Credentials.
5.   Under Credential Name, give the credential an identifiable name (e.g. PAN Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.

6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

7.   Click Add Connector.

8.   Save the Token value and use the Download File option to download the SSL certificate file. This token will be used in the upcoming section.
9.   Click Done to save your changes.

Configure log forwarding in Prisma Access Console

  1. Access the Palo Alto Networks Hub.
  2. Select the Strata Logging Service that you want to configure for syslog forwarding. If you are using Strata Cloud Manager to manage Strata Logging Service, navigate to Settings > Strata Logging Service > Log Forwarding.
  3. On the Strata Logging Service, select Log Forwarding and click Add to add a new syslog forwarding profile.
  4. Fill the fields with the following values:
    • Name: Radiant Security Syslog Connector
    • Syslog Server: primary.syslog.radiantsecurity.ai
    • Port: 6514
    • Facility: LOG_LOCAL0
    • Under Server Authentication, click Upload and upload the CA certificate that you downloaded in the Add the data connector in Radiant Security section.
  5. Click Test Connection. If the test fails, refer to the last section of this guide for instructions on how to contact your Customer Success Manager.
  6. Click Next.
  7. Fill the fields with the following values:
    • Format: CEF
    • Delimiter: Space
    • Profile Token: Enter the Token that you generated in the Add the data connector in Radiant Security section
    • Filters: Click Add and select the following log types:
      • Traffic
      • Threat
      • URL
      • Data
      • Authentication
      • DNS Security
      • File
      • GlobalProtect
      • IPTag
      • UserID
      • Remote Browser Isolation
  8. Click Save to save the changes.
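
If Test Connection in step 5 fails, it helps to confirm separately that the certificate file you downloaded actually validates the syslog endpoint. The script below is an added example, not part of the Radiant Security or Palo Alto Networks tooling; it runs from your own workstation, so it checks the certificate and endpoint but not the network path from Strata Logging Service. The certificate file path is passed as an argument (radiant-ca.pem in the usage line is a placeholder name).

```python
import socket
import ssl
import sys

# Host and port are the values entered in the forwarding profile in this guide.
HOST = "primary.syslog.radiantsecurity.ai"
PORT = 6514


def build_context(ca_file):
    """Trust only the downloaded certificate, not the system CA store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # cert and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def check_endpoint(ca_file, host=HOST, port=PORT, timeout=5.0):
    """Return (stage, detail); stage is 'ok' or the step that failed."""
    try:
        ctx = build_context(ca_file)
    except (OSError, ssl.SSLError) as exc:
        # Missing file, wrong file type, or a download that is not PEM.
        return ("ca_file", f"cannot load {ca_file}: {exc}")
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # DNS failure, blocked egress on the syslog TLS port, or timeout.
        return ("tcp", f"cannot reach {host}:{port}: {exc}")
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
                return ("ok", f"{tls.version()} CN={subject.get('commonName')}")
        except ssl.SSLCertVerificationError as exc:
            # Server chain does not validate against the uploaded CA,
            # or something in the path is intercepting TLS.
            return ("verify", exc.verify_message)
        except (ssl.SSLError, OSError) as exc:
            return ("tls", str(exc))


if __name__ == "__main__":
    # Usage: python check_syslog_tls.py radiant-ca.pem
    stage, detail = check_endpoint(sys.argv[1])
    print(f"{stage}: {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

A "verify" result means the uploaded file is not the CA for this endpoint; a "tcp" result points at DNS or egress filtering rather than the certificate.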

We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach out to our Product and Customer Success teams at support@radiantsecurity.ai

 

Last updated: 2024-08-28