Introduction to Strata Logging Service

Learn about the cloud-based logging infrastructure provided by Palo Alto Networks.
Where Can I Use This? What Do I Need?
One of these:
Palo Alto Networks® Strata Logging Service provides cloud-based, centralized log storage and aggregation for your on-premises and virtual (private cloud and public cloud) firewalls, for Prisma Access, and for cloud-delivered services such as Cortex XDR.
Strata Logging Service is secure, resilient, and fault-tolerant, and it ensures your logging data is up-to-date and available when you need it. It provides a scalable logging infrastructure, so you do not need to plan and deploy Log Collectors to meet your log retention needs. If you already have on-premises Log Collectors, the new Strata Logging Service can easily complement your existing setup. You can augment your existing log collection infrastructure with the cloud-based Strata Logging Service to expand operational capacity as your business grows, or to meet the capacity needs for new locations.
With this service, Palo Alto Networks takes care of the ongoing maintenance and monitoring of the logging infrastructure so that you can focus on your business.
Strata Logging Service interacts with several different products. Some products send logs to Strata Logging Service, while others use it to view and analyze the log data.

Features of Strata Logging Service

Use the Strata Logging Service to-

Products that send logs to Strata Logging Service

You can onboard individual firewalls directly to Strata Logging Service. Use the Strata Logging Service app to view all log records that the firewalls forward to Strata Logging Service.
If you’re using Panorama, you can onboard firewalls to Strata Logging Service at scale, instead of onboarding each individual firewall. All Strata Logging Service logs are visible directly in Panorama.
With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally to secure your remote networks and mobile users. Prisma Access logs directly to Strata Logging Service. You can view the logs, ACC, and reports from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Strata Logging Service license. Log traffic does not use the licensed bandwidth you purchased for Prisma Access.

Products that use logs stored in Strata Logging Service

AIOps for NGFW uses Strata Logging Service log data to assess the health of your firewalls and generate alerts. You can also view Strata Logging Service log data from within AIOps for NGFW.
Prisma Access (Cloud-Managed)
Cloud-managed Prisma Access enables you to view and filter your log data, and it can generate reports on your log data.
IoT Security is a cloud-based app that ingests the device data that next-generation firewalls collect from network traffic and send to Strata Logging Service. IoT Security then uses this data to discover the “things” on your network, identify normal device behavior, and detect suspicious activity.
Panorama
Panorama displays logs stored in Strata Logging Service. The Panorama ACC and reports give you an aggregated view into your remote network traffic.
SaaS Security Inline uses Strata Logging Service logs to discover users and provide SaaS application usage data about those users.
Cortex XDR
If you extend your firewall security policy to mobile users and remote networks using Prisma Access or GlobalProtect, you can also forward related traffic logs to Strata Logging Service. The analytics engine can then analyze those logs and raise alerts on anomalous behavior.
Cortex XSOAR
In Cortex XSOAR Marketplace, install the Strata Logging Service Content Pack to run queries for critical threat logs, social applications, threat logs, etc. You can also install the PAN-OS to Strata Logging Service Monitoring content pack to monitor the PAN-OS FW log in a recurring job.
Cortex Xpanse™
Cortex Xpanse™ consumes GlobalProtect login events on a daily basis to surface external exposures on employee networks.