This TA and App is now deprecated and will no longer receive updates or support. For continued support and future updates, please switch to the new app supported by Splunk.
Please follow the documentation for a migration path to use the Splunk supported Splunk App for Palo Alto Networks.
Please follow the documentation for a migration path to use the Splunk supported Splunk Add-on for Palo Alto Networks.
Getting Data Into Splunk
Splunk can collect data from Palo Alto Networks products, each providing a wealth of visibility and control.
Firewall and Panorama
Secure the network domain. Syslog network and system health events to Splunk.
- More information about Next-generation Firewall
- More information about Panorama
- Bring Firewall and Panorama data into Splunk
Cortex XDR
Advanced threat detection. View Cortex XDR incidents in Splunk via API.
Cortex Data Lake via HTTP Event Collector(HEC)
Cloud based log management. Collect events directly from Cortex Data Lake using HTTP Event Collector(HEC).
IOT Security
Comprehensive IOT security. Collect IoT alerts and vulnerabilities via API.
Aperture
Secure your enterprise SaaS application. Splunk reaches out to the Aperture logging API to collect incidents and activity from your SaaS apps.
AutoFocus and MineMeld
MineMeld and AutoFocus has been deprecated as of 7.0.0
Threat Intelligence to help prioritize and contextualize the rest of your data in Splunk. AutoFocus tags are collected via the AutoFocus API and threat indicators are collected from a MineMeld output feed.
- More information about AutoFocus
- More information about MineMeld
- Bring AutoFocus and MineMeld data into Splunk
Traps Endpoint Protection
Traps Endpoint has been deprecated and replaced with Cortex XDR.
Secure the endpoint domain. Syslog endpoint security and operations events to Splunk.