Palo Alto Network Firewall
Palo Alto Network Firewall allows you to monitor and identify threats in your organization using Palo Alto Network Firewall data. Logpoint aggregates and normalizes logs from every Palo Alto Networks Firewall device so you can analyze the information through dashboards and security reports. The dashboards provide visualization related to traffic, threat, user, content, system and firewall configurations. When Logpoint identifies traffic, threats, user, content, system and firewall-related events with a potential risk to your environment, it triggers security alerts based on predetermined rules. The automated alerts enable you to detect possible issues early and take corrective actions against them.
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
|
Palo Alto Network Firewall now supports PAN-OS 11.1 and later. The Vendor Field Map is also updated according to their latest public documentation published on December 2, 2024. |
PLUG-15824 | 84326 |
Key Information
From the next release, Logpoint will no longer support PAN-OS versions ‘9.1 and earlier’, 10.0, and 11.0, as Palo Alto has marked them as End of Life.
Past Releases
Palo Alto Network Firewall v5.6.0
Release Date: May 08, 2024
Supported On: Logpoint v6.7.0 and later
Download: Palo_Alto_Network_Firewall_5.6.0.pak
SHA256: 23c22d761e6006a6817032e48a07fed4ca46b51bfdac9b6ac2f93fdac67b628a
Enhancement
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| Added Syslog Collector based PaloAlto log source template, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22637 | - |
Palo Alto Network Firewall v5.5.0
Release Date: June 02, 2023
Supported On: Logpoint v6.7.0 and later
Download: Palo_Alto_Network_Firewall_5.5.0.pak
SHA256: 038a9703f9bf26d7e95ec5bdbadc4785f9926826e1903c4f64714b89ff13724c
Enhancement
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| Updated PaloAltoNetworkFirewallCompiledNormalizer to support PAN-OS v11.0 and v10.2 logs. |
KB-19929, KB-17594, KB-20012, KB-20089, KB-19774, KB-19314, KB-20012, KB-20086 |
72371, 67811, 72411, 74272, 72290, 67811, 71193 |
Bug Fix
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| Some PaloAlto URL logs were not properly normalized by PaloAltoNetworkFirewallCompiledNormalizer. |
KB-19932 |
72614 |
Palo Alto Network Firewall v5.4.0
Release Date: Feb 28, 2023
Supported On: Logpoint v6.7.0 and later
Download: Palo_Alto_Network_Firewall_5.4.0.pak
SHA256: e2a204b65a3833afb8339eb2f115abc9a54a68e22dd9750e6af71da5548611ee
Enhancement
|
Description |
Issue ID |
Reference ID |
|---|---|---|
|
Parsed the description fields to extract lease_address, hardware_address, hostname and interface in PaloAltoNetworkFirewallCompiledNormalizer. |
KB-19226 | 71105 |
Bug Fixes
The following issues are now fixed:
|
Description |
Issue ID |
Reference ID |
|---|---|---|
| Some PAN-OS logs were not properly normalized by PaloAltoNetworkFirewallCompiledNormalizer. | KB-17155 | 67140 |
| The URL field of some PAN-OS v10.0 THREAT logs were not properly normalized in PaloAltoNetworkFirewallCompiledNormalizer. | KB-16667 | 65899 |
| The subject field of some PAN-OS v10.0 THREAT logs were not properly normalized in PaloAltoNetworkFirewallCompiledNormalizer. | KB-16838 | 66374, 68390 |
| The USERID field of PAN-OS logs were not properly normalized by PaloAltoNetworkFirewallCompiledNormalizer. | KB-17919, KB-16032, KB-17175 | 68502, 63946, 67143 |
| The timezone field in was incorrectly normalized in PAN-OS logs by PaloAltoCEFCompiledNormalizer. | KB-18217 | 68660 |
| Some TRAFFIC and THREAT logs were not normalized by PaloAltoNetworkFirewallCompiledNormalizer. | KB-18267 | 69118 |
Palo Alto Network Firewall v5.3.0
Enhancements
| Description | Issue ID | Reference ID |
|---|---|---|
| New signatures are added in PaloAltoNetworkFirewallCompiledNormalizer to support the PAN-OS v10.1 events as per the Palo Alto Network Firewall's official document. | KB-15859, KB-15707, KB-14285 | 63250, 62134, 60214 |
| Added support for the PAN-OS v10.0 THREAT logs with a new log format. To learn more, go to the Threat Log Fields section in Palo Alto Network Firewall v5.3.0 guide. | KB-15288 | 60847 |
| Enhanced the performance of the PaloAltoCEFCompiledNormalizer and PaloAltoNetworkFirewallCompiledNormalizer. | KB-13514 | - |
| Added the VPN label in the GLOBALPROTECT logs to make logs compatible for LogPoint UEBA. | KB-13607, KB-16093 | 63833 |
| Added the is_flow_offloaded field in the PAN-OS v10.1 TRAFFIC logs. | KB-13607 | - |
|
Removed the event_ts and selection_type fields from the PAN-OS v9.1 Global Protect logs. |
KB-16157, KB-16236 |
- |
| Some Palo Alto Network Firewall fields have been renamed. To learn more, go to the Appendix section in the Palo Alto Network Firewall v5.3.0 guide. |
Bug Fixes
The following issues are now fixed:
| Description | Issue IDs | Reference IDs |
|---|---|---|
|
Some PAN-OS v10.0 THREAT logs, PAN-OS v9.1.x, PAN-OS v9.1 CONFIG logs, and PAN-OS v10.0.x Global Protect logs were not normalized. |
KB-13809, KB-14273, KB-13712, KB-14301, KB-15773, KB-15558, KB-16093 | 52401, 58216, 59137, 60368, 60546, 61014, 59897, 60847, 57966, 63146, 61728, 63833 |
| The URL field of some PAN-OS v10.0 THREAT logs were not normalized. | KB-15632 | 62130 |
Palo Alto Network Firewall v5.2.0
Enhancements
|
Description |
Issue ID |
Zendesk Support ID |
||||||||
|
The application now includes new alert packages for the Palo Alto Network Firewall listed in the Package Details section above. |
KB-12152 |
52139 |
||||||||
|
In the compiled normalizer PaloAltoCEFCompiledNormalizer, for the Palo Alto Global Protect CEF logs, the fields user, client_os_version, and reason have been parsed from the field message. |
KB-11045 |
47269 |
||||||||
|
The compiled normalizer PaloAltoNetworkFirewallCompiledNormalizer now supports PAN-OS v10.0 events and Palo Alto Global Protect log for PAN-OS v9.1.0 to PAN-OS v9.1.2. In the compiled normalizer PaloAltoCEFCompiledNormalizer, the label Detect has been added in the Palo Alto Network Firewall logs for the following sub-category to comply with the Palo Alto Network Firewall convention:
|
- | - |
Bug Fixes
The following issues are now fixed:
|
Description |
Issue ID |
Zendesk Support ID |
|
An issue where some Palo Alto Network Firewall Threat and Traffic Syslog were not properly normalized. |
KB-13452 |
57019 |
|
An issue where some USER-ID logs for Palo Alto Network Firewall v9.0 were not normalized. |
- |
- |
|
An issue where the field User Device Serial Number was missing in the HIP Match log of Palo Alto Network Firewall v9.1. |
- | - |
Palo Alto Network Firewall v3.6.0
Release version: 3.6.0
Release Date: May 14, 2020
Supported On: Logpoint v6.0.0 to v6.6.6
Download: PaloAltoNetworkFirewall_3.6.0.zip
SHA256: cf952a31c0bde19d5e838aef379cee17cbf4cc9e85c3d64e480818170fbcba96
Palo Alto Network Firewall has been upgraded to support Logpoint v6.7.0
Enhancement
A minor update has been done in the Palo Alto Network Firewall's normalizer for better signature handling.
Support
If you have any questions or require assistance, create a support ticket.
Comments
Article is closed for comments.