Strata Logging Service
Introduction to Strata Logging Service
Learn about the cloud-based logging infrastructure provided
by Palo Alto Networks.
Palo Alto Networks® Strata Logging Service provides cloud-based, centralized log
storage and aggregation for your on-premises and virtual (private cloud and public cloud)
firewalls, for Prisma Access, and for cloud-delivered services such as Cortex
XDR.
Strata Logging Service is secure, resilient, and fault-tolerant, and it ensures your
logging data is up-to-date and available when you need it. It provides a scalable
logging infrastructure that alleviates the need for you to plan and deploy Log
Collectors to meet your log retention needs. If you already have on-premises Log
Collectors, the new Strata Logging Service can easily complement your
existing setup. You can augment your existing log collection infrastructure with the
cloud-based Strata Logging Service to expand operational capacity as your
business grows, or to meet the capacity needs for new locations.
With this service, Palo Alto Networks takes care of the ongoing maintenance and monitoring of the
logging infrastructure so that you can focus on your business.
Strata Logging Service interacts with several different products.
Some products send logs to Strata Logging Service, while others use it to view
and analyze the log data.
Features of Strata Logging Service
Use the Strata Logging Service to:
- Check the status of a Strata Logging Service instance.
- View the devices and tenants onboarded to a Strata Logging Service instance.
- Configure log storage quota.
- Search, filter, and export log data.
- Forward log data to a Syslog server, HTTPS server, or an email server for long-term storage, SOC, or internal audit.
Products that send logs to Strata Logging Service
| You can onboard individual firewalls directly to Strata Logging Service. Use the Strata Logging Service app to view all log records that the firewalls forward to Strata Logging Service. |
| If you’re using Panorama, you can onboard firewalls to Strata Logging Service at scale, instead of onboarding each individual firewall. All Strata Logging Service logs are visible directly in Panorama. |
| With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally to secure your remote networks and mobile users. Prisma Access logs directly to Strata Logging Service. You can view the logs, ACC, and reports from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Strata Logging Service license. Log traffic does not use the licensed bandwidth you purchased for Prisma Access. |
Products that use logs stored in Strata Logging Service
| AIOps for NGFW uses Strata Logging Service log data to assess the health of your firewalls and generate alerts. You can also view Strata Logging Service log data from within AIOps for NGFW. |
Prisma Access (Cloud-Managed) | Cloud-managed Prisma Access enables you to view and filter your log data, and it can generate reports on your log data. |
| IoT Security is a cloud-based app that ingests the device data that next-generation firewalls collect from network traffic and send to Strata Logging Service. IoT Security then uses this data to discover the “things” on your network, identify normal device behavior, and detect suspicious activity. |
| SaaS Security Inline uses Strata Logging Service logs to discover users and provide SaaS application usage data about those users. |
Cortex XDR | If you extend your firewall security policy to mobile users and remote networks using Prisma Access or GlobalProtect, you can also forward related traffic logs to Strata Logging Service. The analytics engine can then analyze those logs and raise alerts on anomalous behavior. |
Cortex XSOAR | In Cortex XSOAR Marketplace, install the Strata Logging Service Content Pack to run queries for critical threat logs, social applications, threat logs, etc. You can also install the PAN-OS to Strata Logging Service Monitoring content pack to monitor the PAN-OS FW log in a recurring job. |
Cortex Xpanse™ | Cortex Xpanse™ consumes GlobalProtect login events on a daily basis to surface external exposures on employee networks. |