PaloAlto
Palo Alto Networks (PAN-OS) is a source of security and network-activity events coming from the NGFW. The logs cover sessions, traffic, threats, system events, authentication and administration. They are used for incident correlation, attack detection and analysis of network behaviour.
Types of collected events
- Authentication
- Configuration changes
- Network session information
Integration method - Syslog
<14>Oct 23 19:57:20 DEMO-NGFW 1,2025/10/23 19:57:20,007954000611466,TRAFFIC,end,2562,2025/10/23 19:57:20,172.16.1.101,8.8.8.8,1.2.9.5,8.8.8.8,Allow - to Internet,,,dns-base,vsys1,Zone1,Zone2,ethernet1/5,ethernet1/4,Rule1,2025/10/23 19:57:20,226468,1,62119,53,1757,53,0x400019,udp,allow,262,99,163,2,2025/10/23 19:56:48,0,any,,7553303471644639363,0x0,172.16.0.0-172.31.255.255,United States,,1,1,aged-out,0,0,0,0,,DEMO-NGFW,from-policy,,,0,,0,,N/A,0,0,0,0,c950b3fc-0861-4869-b734-cda049e8efb9,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2025-10-23T19:57:20.110+05:00,,,infrastructure,networking,network-protocol,3,"used-by-malware,has-known-vulnerability,pervasive-use",dns,dns-base,no,no,0
<12>Oct 23 20:07:11 DEMO-NGFW 1,2025/10/23 20:07:11,007954000611466,SYSTEM,auth,2562,2025/10/23 20:07:11,,auth-fail,,0,0,general,medium,"failed authentication for user 'admin'. Reason: Invalid username/password. From: 172.16.1.2.",7553303475874058474,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:07:11.169+05:00
<14>Oct 23 20:05:01 DEMO-NGFW 1,2025/10/23 20:05:01,007954000611466,SYSTEM,auth,2562,2025/10/23 20:05:01,,auth-success,,0,0,general,informational,"authenticated for user 'admin'. From: 172.16.1.2.",7553303475874058376,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:05:01.544+05:00
<14>Oct 23 20:09:16 DEMO-NGFW 1,2025/10/23 20:09:16,007954000611466,SYSTEM,general,2562,2025/10/23 20:09:16,,general,,0,0,general,informational,"Connection to Update server: updates.paloaltonetworks.com completed successfully, initiated by 18.22.91.5",7553303475874058563,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:09:16.798+05:00
<14>Oct 23 20:07:20 DEMO-NGFW 1,2025/10/23 20:07:20,007954000611466,SYSTEM,general,2562,2025/10/23 20:07:20,,general,,0,0,general,informational,"User admin logged in via Web from 172.16.1.2 using https",7553303475874058485,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:07:20.811+05:00
<14>Oct 23 20:10:21 DEMO-NGFW 1,2025/10/23 20:10:20,007954000611466,SYSTEM,vpn,2562,2025/10/23 20:10:21,,ike-generic-event,,0,0,general,informational,"unknown ikev2 peer",7553303475874058609,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:10:21.145+05:00
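The events above arrive as a syslog header (`<PRI>Mon DD HH:MM:SS HOST`) followed by a PAN-OS CSV body whose field positions depend on the log type (TRAFFIC vs. SYSTEM). The parser below is an added example written for this page, not vendor code or part of the original connector: it splits the header, reads the CSV body with Python's `csv` module so quoted descriptions and tag lists survive intact, maps the positions visible in the sample lines to names, and then reduces the SYSTEM/auth records to per-source failed-login counts, which is the usual starting point for an admin brute-force rule. The sample records are the page's own events; the field-name mapping and the `threshold` parameter are this example's assumptions.

```python
"""Parse PAN-OS syslog events (CSV body) and extract the fields a SIEM rule keys on.

Added example for this page, not vendor code. Field positions follow the PAN-OS
TRAFFIC and SYSTEM layouts as they appear in the page's sample lines, which are
reused below as input.
"""
import csv
import re
from collections import Counter

# Syslog header in front of the PAN-OS CSV body: <PRI>Mon DD HH:MM:SS HOSTNAME <csv>
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<body>.*)$"
)
# Pieces of the SYSTEM/auth description text needed for detection.
DESC_USER = re.compile(r"user '([^']+)'")
DESC_FROM = re.compile(r"From: (\d{1,3}(?:\.\d{1,3}){3})")

# Common CSV prefix (0-based): 0 FUTURE_USE, 1 receive time, 2 serial, 3 type,
# 4 subtype, 5 FUTURE_USE, 6 generated time. Type-specific positions follow.
TRAFFIC_FIELDS = {
    "src": 7, "dst": 8, "nat_src": 9, "nat_dst": 10, "rule": 11, "src_user": 12,
    "app": 14, "vsys": 15, "src_zone": 16, "dst_zone": 17, "session_id": 22,
    "sport": 24, "dport": 25, "proto": 29, "action": 30, "bytes": 31,
    "session_end_reason": 46,
}
SYSTEM_FIELDS = {
    "vsys": 7, "event_id": 8, "object": 9, "module": 12, "severity": 13, "description": 14,
}
LAYOUTS = {"TRAFFIC": TRAFFIC_FIELDS, "SYSTEM": SYSTEM_FIELDS}


def parse_line(line):
    """Split one syslog line into a flat dict; unknown log types keep only the common prefix."""
    m = SYSLOG_HEADER.match(line.strip())
    if not m:
        raise ValueError("not a PAN-OS syslog line: %r" % line[:40])
    pri = int(m.group("pri"))
    # csv.reader keeps quoted fields (description, tag list) whole even when they contain commas
    fields = next(csv.reader([m.group("body")]))
    rec = {
        "facility": pri >> 3, "syslog_severity": pri & 7, "host": m.group("host"),
        "receive_time": fields[1], "serial": fields[2], "type": fields[3], "subtype": fields[4],
    }
    for name, idx in LAYOUTS.get(fields[3], {}).items():
        rec[name] = fields[idx] if idx < len(fields) else ""
    return rec


def auth_events(records):
    """Reduce SYSTEM/auth records to (receive_time, outcome, user, source_ip) tuples."""
    out = []
    for r in records:
        if r["type"] != "SYSTEM" or r["subtype"] != "auth":
            continue
        user = DESC_USER.search(r["description"])
        src = DESC_FROM.search(r["description"])
        out.append((r["receive_time"], r["event_id"],
                    user.group(1) if user else "", src.group(1) if src else ""))
    return out


def failed_logins_by_source(records, threshold=1):
    """Count auth-fail events per source IP; return only sources at or above the threshold."""
    counts = Counter(src for _, outcome, _, src in auth_events(records) if outcome == "auth-fail")
    return {ip: n for ip, n in counts.items() if n >= threshold}


# The page's own sample events (TRAFFIC end, auth-fail, auth-success, general login message).
SAMPLE_EVENTS = [
    '<14>Oct 23 19:57:20 DEMO-NGFW 1,2025/10/23 19:57:20,007954000611466,TRAFFIC,end,2562,2025/10/23 19:57:20,172.16.1.101,8.8.8.8,1.2.9.5,8.8.8.8,Allow - to Internet,,,dns-base,vsys1,Zone1,Zone2,ethernet1/5,ethernet1/4,Rule1,2025/10/23 19:57:20,226468,1,62119,53,1757,53,0x400019,udp,allow,262,99,163,2,2025/10/23 19:56:48,0,any,,7553303471644639363,0x0,172.16.0.0-172.31.255.255,United States,,1,1,aged-out,0,0,0,0,,DEMO-NGFW,from-policy,,,0,,0,,N/A,0,0,0,0,c950b3fc-0861-4869-b734-cda049e8efb9,0,0,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2025-10-23T19:57:20.110+05:00,,,infrastructure,networking,network-protocol,3,"used-by-malware,has-known-vulnerability,pervasive-use",dns,dns-base,no,no,0',
    '<12>Oct 23 20:07:11 DEMO-NGFW 1,2025/10/23 20:07:11,007954000611466,SYSTEM,auth,2562,2025/10/23 20:07:11,,auth-fail,,0,0,general,medium,"failed authentication for user \'admin\'. Reason: Invalid username/password. From: 172.16.1.2.",7553303475874058474,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:07:11.169+05:00',
    '<14>Oct 23 20:05:01 DEMO-NGFW 1,2025/10/23 20:05:01,007954000611466,SYSTEM,auth,2562,2025/10/23 20:05:01,,auth-success,,0,0,general,informational,"authenticated for user \'admin\'. From: 172.16.1.2.",7553303475874058376,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:05:01.544+05:00',
    '<14>Oct 23 20:07:20 DEMO-NGFW 1,2025/10/23 20:07:20,007954000611466,SYSTEM,general,2562,2025/10/23 20:07:20,,general,,0,0,general,informational,"User admin logged in via Web from 172.16.1.2 using https",7553303475874058485,0x0,0,0,0,0,,DEMO-NGFW,0,0,2025-10-23T20:07:20.811+05:00',
]

if __name__ == "__main__":
    records = [parse_line(line) for line in SAMPLE_EVENTS]
    for r in records:
        print(r["type"], r["subtype"], r.get("src", ""), r.get("event_id", ""), r.get("severity", ""))
    print("auth events:", auth_events(records))
    print("failed logins by source:", failed_logins_by_source(records))
```

Two practical points follow from the parser: the syslog PRI severity (`<12>` = warning for the failed login, `<14>` = informational) is set by the firewall independently of the PAN-OS `severity` column, so rules should key on the CSV column rather than the header; and the "User admin logged in via Web" message is a `general` event, not an `auth` one, so a rule that only watches `SYSTEM/auth` sees the success/failure pair but not the session itself.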