Getting Data Into Splunk

Splunk can collect data from Palo Alto Networks products, each providing a wealth of visibility and control.

Firewall and Panorama

Secure the network domain. Syslog network and system health events to Splunk.

• More information about Next-generation Firewall
• More information about Panorama
• Bring Firewall and Panorama data into Splunk

Cortex XDR

Advanced threat detection. View Cortex XDR incidents in Splunk via API.

• More information about Cortex XDR
• View Cortex XDR Incidents in Splunk

Cortex Data Lake via HTTP Event Collector(HEC)

Cloud based log management. Collect events directly from Cortex Data Lake using HTTP Event Collector(HEC).

• More information about Cortex Data Lake
• Retrieve Cortex Data Lake Logs

IOT Security

Comprehensive IOT security. Collect IoT alerts and vulnerabilities via API.

• More information about IoT Security
• Bring IOT Security into Splunk

Aperture

Secure your enterprise SaaS application. Splunk reaches out to the Aperture logging API to collect incidents and activity from your SaaS apps.

• More information about Aperture SaaS Protection
• Bring Aperture data into Splunk

AutoFocus and MineMeld

Deprecated

MineMeld and AutoFocus has been deprecated as of 7.0.0

Threat Intelligence to help prioritize and contextualize the rest of your data in Splunk. AutoFocus tags are collected via the AutoFocus API and threat indicators are collected from a MineMeld output feed.

• More information about AutoFocus
• More information about MineMeld
• Bring AutoFocus and MineMeld data into Splunk

Traps Endpoint Protection

info

Traps Endpoint has been deprecated and replaced with Cortex XDR.

Secure the endpoint domain. Syslog endpoint security and operations events to Splunk.

• More information about Traps Endpoint Protection
• Bring Traps data into Splunk