Palo Alto Networks Firewall Logs
The Palo Alto Networks App includes a data model that its searches and dashboards are built on.
All of the app's dashboards query this accelerated data model, which is what makes their data retrieval and visualization fast. The same data model is available to Splunk administrators for their own searches and visualizations, so custom content can be built on exactly the datasets the app itself uses. The table below lists those datasets. The leading dashes in the Dataset name column show nesting depth (one dash for a child of Firewall Logs, two for a grandchild), and the dataset IDs joined with dots form the path a search addresses, for example logs.threat.wildfire.malicious. Note that URL Filtering, File Blocking, Data Filtering and WildFire are sourced from threat logs but sit directly under Firewall Logs, not under Threat.
| Dataset name | Dataset ID | Description |
|---|---|---|
| Firewall Logs | logs | Searches the following logs: traffic, threat, config, system, hipmatch, correlation, globalprotect, and firewall cloud |
| -Traffic | traffic | Searches traffic logs and firewall cloud logs with logtype TRAFFIC |
| --Flow Start | start | Searches for log_subtype start |
| --Flow End | end | Searches for log_subtype end |
| -Threat | threat | Searches threat logs and firewall cloud logs with logtype THREAT |
| --Vulnerability | vulnerability | Searches log_subtype vulnerability |
| --Virus | virus | Searches log_subtype virus |
| --Spyware | spyware | Searches log_subtype spyware |
| -URL Filtering | url | Searches threat logs and log_subtype url |
| -File Blocking | file | Searches threat logs and log_subtype file |
| -Data Filtering | data | Searches threat logs and log_subtype data |
| -WildFire | wildfire | Searches threat logs and log_subtype wildfire |
| --Benign File | benign | Searches for verdict set to benign |
| --Malicious File | malicious | Searches for verdict not set to benign |
| -Config | config | Searches config logs |
| -System | system | Searches system logs and firewall cloud logs with logtype SYSTEM |
| -Correlation | correlation | Searches correlation logs and firewall cloud logs with logtype CORRELATION |
| -GlobalProtect | GlobalProtect | Searches globalprotect logs and firewall cloud logs with logtype GLOBALPROTECT |
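The searches below are an added example of querying these datasets with tstats; they are not taken from the app's own dashboards or documentation. They assume the data model is named pan_firewall (check Settings > Data models in your deployment; the name is an assumption here) and use only the dataset paths from the table above, plus the built-in _time and count, so no event field names are assumed. The first search counts malicious WildFire verdicts per hour; the second counts URL Filtering events and deliberately uses logs.url rather than logs.threat.url, because URL Filtering is a direct child of Firewall Logs in this model.

```spl
| tstats summariesonly=true count
    from datamodel=pan_firewall
    where nodename=logs.threat.wildfire.malicious
    by _time span=1h

| tstats summariesonly=true count
    from datamodel=pan_firewall
    where nodename=logs.url
    by _time span=1h
```

Two caveats when adapting these. A nodename that does not exist in the model (such as logs.threat.url) does not error; it simply returns no rows, so verify the path against the table before trusting an empty result. And summariesonly=true reads only the accelerated summaries, which is what keeps the app's dashboards fast but excludes events indexed since the last summarization run; set it to false when completeness matters more than speed. Also remember that the malicious dataset is defined as any verdict other than benign, so grayware and phishing verdicts are counted there alongside malware.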