> For the complete documentation index, see [llms.txt](https://help.radiantsecurity.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.radiantsecurity.ai/radiant-connectors/network-security/palo-alto-networks/palo-alto-networks-prisma-access.md).

# Palo Alto Networks Prisma Access

Palo Alto Networks Prisma Access is a cloud-delivered security platform that secures access for remote users and branch offices, inspecting traffic to block malware, intrusions, and risky web activity. Connecting Prisma Access forwards traffic, threat, URL, and authentication logs to Radiant Security over TLS syslog. Radiant uses the log data to triage access and threat alerts in context, giving analysts faster verdicts on whether observed activity reflects a real compromise or routine user behavior.

### Prerequisites

* [ ] Admin access to Palo Alto Networks Hub
* [ ] A Strata Cloud Manager license (Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN)

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors**, then click **+ Add Connector**.
3. Search for and select **Palo Alto Prisma Access**, then click **Data Feeds**.
4. Under **Select your data feeds**, select **Palo Alto Prisma Access**, then click **Credentials**.
5. Under **Credential Name**, enter an identifiable name (e.g., `PAN Credentials`). To reuse an existing credential, select it from the drop-down menu.
6. In the **Connector tag** field, enter a random value. This value acts as the salt to randomize the **Token** you download in the next step.
7. Click **Add Connector**.
8. Save the **Token** value and use **Download Files** to download the SSL certificate file. You use both in the next section.
9. Click **Done** to save your changes.

### Configure log forwarding in Prisma Access

1. Go to the [Palo Alto Networks Hub](https://apps.paloaltonetworks.com/apps).
2. Select the **Strata Logging Service** you want to configure for syslog forwarding. If you use Strata Cloud Manager to manage **Strata Logging Service**, navigate to **Settings** > **Strata Logging Service** > **Log Forwarding**.
3. Select the **Syslog** tab, then click **+** to add a new syslog forwarding profile.
4. Configure:
   * **Name**: `Radiant Security Syslog Connector`
   * **Syslog Server**: `primary-k8s.syslog.radiantsecurity.ai`
   * **Port**: `6514`
   * **Facility**: `LOG_LOCAL0`
   * Under **Server Authentication**, click **Upload** and upload the CA certificate you downloaded during the data connector setup.
5. Click **Test Connection**. If the test fails, contact your Customer Success Manager.
6. Click **Next**.
7. Configure:
   * **Format**: CEF
   * **Delimiter**: Space
   * **Profile Token**: enter the **Token** you saved during the data connector setup.
   * **Filters**: click **Add** and select these log types: **Traffic**, **Threat**, **URL**, **Data**, **Authentication**, **DNS Security**, **File**, **GlobalProtect**, **IPTag**, **UserID**, and **Remote Browser Isolation**.
8. Click **Save**.

### Verify ingestion

After Palo Alto Networks Prisma Access begins forwarding, confirm alerts and events are reaching Radiant.

1. In Radiant, navigate to [Log Management](https://app.radiantsecurity.ai/logs).
2. Filter by `rs_connectorType:"pan_prisma"`.
3. Confirm recent alerts and events appear.

{% hint style="info" %}
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/network-security/palo-alto-networks/palo-alto-networks-prisma-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.