Palo Alto Prisma Access (syslog)

Configure Palo Alto Prisma Access to forward syslog to Radiant Security.

In this guide, you'll configure Palo Alto Networks Prisma Access to forward logs securely to Radiant Security using syslog over TLS.

Prerequisites

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors and click + Add Connector.

  3. Search for and select the Palo Alto Prisma Access option and then click Data Feeds.

  4. Under Select your data feeds, select the Palo Alto Prisma Access data feed and then click Credentials.

  5. Under Credential Name, give the credential an identifiable name (e.g. PAN Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.

  6. In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

  7. Click Add Connector.

  8. Save the Token value and use the Download Files option to download the SSL certificate file. This token will be used in the upcoming section.

  9. Click Done to save your changes.

Configure log forwarding in Prisma Access Console

  1. Select the Strata Logging Service that you want to configure for syslog forwarding. If you are using Strata Cloud Manager to manage Strata Logging Service, navigate to Settings > Strata Logging Service > Log Forwarding.

  2. Select the Syslog tab and click + to add a new syslog forwarding profile.

  3. Fill the fields with the following values:

    • Name: Radiant Security Syslog Connector

    • Syslog Server: primary-k8s.syslog.radiantsecurity.ai

    • Port: 6514

    • Facility: LOG_LOCAL0

    • Under Server Authentication, click Upload and upload the CA certificate that you downloaded in the Add the data connector in Radiant Security section.

  4. Click Test Connection. If the test fails, refer to the last section of this guide for instructions on how to contact your Customer Success Manager.

  5. Click Next.

  6. Fill the fields with the following values:

    1. Format: CEF

    2. Delimiter: Space

    3. Profile Token: Enter the Token that you generated in the Add the data connector in Radiant Security section.

    4. Filters: Click Add and select the following log types:

      • Traffic

      • Threat

      • URL

      • Data

      • Authentication

      • DNS Security

      • File

      • GlobalProtect

      • IPTag

      • UserID

      • Remote Browser Isolation

  7. Click Save to save the changes.
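If Test Connection in step 4 fails, it helps to know whether the problem is reachability or certificate trust. The check below is an added example, not part of the Radiant Security or Palo Alto Networks documentation; it performs a TLS handshake against the syslog server and port from this guide and sends no log data. It assumes the downloaded certificate file is PEM-encoded and is the only trust anchor; the function and script names are hypothetical.

```python
import socket
import ssl

# Values from the syslog forwarding profile in this guide.
SYSLOG_HOST = "primary-k8s.syslog.radiantsecurity.ai"
SYSLOG_PORT = 6514


def build_context(ca_file=None):
    """TLS client context that trusts only the certificate file from the connector.

    The system trust store is deliberately not loaded (assumption: the
    uploaded CA is the sole trust anchor for Server Authentication).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def check_endpoint(host, port, ctx, timeout=5.0):
    """Attempt a handshake and report which stage failed, if any."""
    result = {"stage": "tcp", "ok": False, "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            result["stage"] = "tls"
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(ok=True, stage="done",
                              detail=f"{tls.version()}, cert expires {cert['notAfter']}")
    except ssl.SSLCertVerificationError as exc:
        result["detail"] = f"certificate not trusted: {exc.verify_message}"
    except ssl.SSLError as exc:
        result["detail"] = f"TLS failure: {exc}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        result["detail"] = f"network failure: {exc}"
    return result


if __name__ == "__main__":
    import sys
    # Usage: python check_syslog_tls.py <path to the downloaded certificate file>
    ca = sys.argv[1] if len(sys.argv) > 1 else None
    print(check_endpoint(SYSLOG_HOST, SYSLOG_PORT, build_context(ca)))
```

A failure at the `tls` stage with "certificate not trusted" points to a wrong or outdated certificate file. Strata Logging Service connects from its own cloud addresses, so a success here confirms the endpoint and certificate rather than the path from Prisma Access.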
