Forward Logs to Panorama
4.2 (EoS)
The ESM supports additional log forwarding to Panorama.
When integrated with the ESM, Panorama serves as a Syslog receiver
that ingests logs from ESM components using Syslog over TCP, UDP,
or SSL. The ESM supports external log forwarding to up to two different
devices (one of which can be a log collector or a Panorama that also
serves as a log collector) and to email. However, unlike the configuration
for an external logging platform or email address, you cannot select
individual events to forward to Panorama. Instead, the ESM automatically
sends all events to Panorama.
Forwarding logs to a Panorama log collector yields the following
benefits:
- Panorama provides a single user interface through which you can view all ESM and Traps activity. This enables you to manage both network and endpoint health in one place.
- Panorama can correlate discrete security events that occur on the endpoints with what’s happening on the network to trace any suspicious or malicious activity across the endpoints and the firewall. This integrated view gives you more context on the chronology of events and the evidence you need to detect, identify, and respond to an incident.
Because a Panorama virtual appliance in legacy mode cannot
ingest Traps logs, you must use a Panorama virtual appliance in
Panorama mode.