Getting Data Into Splunk

Important

This TA and App are now deprecated and will no longer receive updates or support. For continued support and future updates, please switch to the new app supported by Splunk.

Please follow the documentation for a migration path to use the Splunk supported Splunk App for Palo Alto Networks.

Please follow the documentation for a migration path to use the Splunk supported Splunk Add-on for Palo Alto Networks.

Splunk can collect data from Palo Alto Networks products, each providing a wealth of visibility and control.

Firewall and Panorama

Secure the network domain. Send network and system health events to Splunk via syslog.

Cortex XDR

Advanced threat detection. View Cortex XDR incidents in Splunk via API.

Cortex Data Lake via HTTP Event Collector (HEC)

Cloud-based log management. Collect events directly from Cortex Data Lake using HTTP Event Collector (HEC).

IoT Security

Comprehensive IoT security. Collect IoT alerts and vulnerabilities via API.

Aperture

Secure your enterprise SaaS applications. Splunk reaches out to the Aperture logging API to collect incidents and activity from your SaaS apps.

AutoFocus and MineMeld

Deprecated

MineMeld and AutoFocus have been deprecated as of 7.0.0.

Threat Intelligence to help prioritize and contextualize the rest of your data in Splunk. AutoFocus tags are collected via the AutoFocus API and threat indicators are collected from a MineMeld output feed.

Traps Endpoint Protection

Info

Traps Endpoint has been deprecated and replaced with Cortex XDR.

Secure the endpoint domain. Send endpoint security and operations events to Splunk via syslog.