New Features in Strata Logging Service
Focus
Focus
Strata Logging Service

New Features in Strata Logging Service

Table of Contents

New Features in Strata Logging Service

Here are the new features in Strata Logging Service.
Welcome to Strata Logging Service! Strata Logging Service allows you to centralize the collection and storage of logs generated by apps on the cloud services portal and your on-premises, public, and private cloud firewalls, and the Prisma Access. The cloud-based logging infrastructure is available in multiple regions.
Strata Logging Service seamlessly integrates with your existing Panorama. Once configured, you can view all firewall logs from Panorama.
These are all the new features introduced in Strata Logging Service.

Log Forwarding Support to Amazon Security, AWS S3, and Snowflake

August, 2024
You can now forward events and audit browser logs in Strata Logging Service to external security data storage services like Amazon Security Lake, AWS S3, and Snowflake. To enable this, create a log forwarding profile in either a standalone Strata Logging Service instance or Strata Cloud Manager. Strata Logging Service forwards logs to Amazon Security Lake in PARQUET format and to AWS S3 and Snowflake warehouse in JSON format.
Log forwarding enables you to forward firewall logs stored in Strata Logging Service to an external destination to support your organization’s legal compliance requirements, long-term storage, and monitoring. Configure Strata Logging Service to forward logs to a syslog server, HTTPS server, email server, or a third-party SIEM in multiple formats. You can also set the type of logs you want to forward and apply log filters to specify which logs Strata Logging Service are forwarded to the destination server. Additionally, log forwarding allows you to replay and send logs from the past 3 days to the preferred external destination.

Prisma Access Secure Enterprise Browser Logging

August, 2024
You can view Prisma Access Secure Enterprise Browser logs in Explore and Log Viewer. See the Log Reference for more information about the log fields.
The Prisma Access Secure Enterprise Browser (Prisma Access Browser) is a browser designed specifically for enterprise use and is fortified with security features to protect users and organizations against cyberthreats like phishing, malware, eavesdropping, and data exfiltration.
The initial release of Prisma Access Browser includes the following:
  • Third-Party Access: contractors, partners, consumers, or students needing secure access to SaaS or private web apps on their unmanaged devices.
  • Bring Your Own Device Access: employees using personal devices (mostly mobile) for work.
  • Temporary Secure Access: employees needing access to critical apps, such as Human Resources and Payroll, during agent rollouts or network merges.
  • Secure Access for managed devices: employees using work devices accessing highly sensitive data.

AI Runtime Security Logging

July, 2024
You can view AI Runtime Security logs in Explore and Log Viewer. See the Log Reference for more information about the log fields.
Log Forwarding is not supported for AI Security logs.
Palo Alto Networks AI Runtime Security is a purpose-built firewall to discover, protect, and defend the enterprise traffic flows against all potential threats focusing on addressing AI-specific vulnerabilities such as prompt injection, and denial-of-service attacks on AI models. It combines continuous runtime threat analysis of your AI applications, models, and data sets with AI powered security to stop attackers in their tracks. The AI Runtime Security leverages real-time AI-powered security protecting your AI application ecosystem from both AI-specific and conventional network attacks.
AI Runtime Security leverages critical anomaly detection capabilities and protects AI models from manipulation to ensure the reliability and integrity of AI output data. It rejects prompt injections, malicious responses, training data poisoning, malicious URLs, command and control, embedded unsafe URLs, and lateral threat movement.
AI Runtime Security uses Palo Alto Networks Strata Cloud Manager (SCM) as the main configuration and management engine. To begin with, activate and onboard your cloud service provider account on SCM. The AI Security Profile imports security capabilities from Enterprise DLP and URL Filtering for inline detection of threats in AI application traffic.
The AI Runtime Security is powered by the following four key elements:
Discover - The AI Runtime Security discovers your enterprise AI application and all other applications. The AI Runtime Security dashboard provides complete visibility and security insights of your AI and other applications in just a few clicks. You can effortlessly gain actionable intelligence on AI traffic flows covering your applications, models, user access, and infrastructure threats.
Deploy - The AI Runtime Security deployment using Terraform templates automates the deployment procedure reducing the human error, lowering the required time for manual configuration tasks, and for protecting your enterprise AI applications. Deploy your AI Runtime Security instance downloading the Terraform templates and provide permissions to your cloud service provider account projects to analyze flow logs and DNS logs.
Detect - Identify unprotected traffic flows with potential security threats to the cloud network and detect the potential security risks based on logs and recommended actions to remediate.
Defend - Shield your organization’s AI application ecosystem from AI-specific and conventional network attacks by leveraging real-time AI-powered security. Get the continuous discovery of the AI network traffic on the containers and namespaces.
To learn more about AI Runtime Security activation, onboarding, and deployment, see AI Runtime Security documentation.

Local Deep Learning for Advanced Threat Prevention Logging

July, 2024
You can view Local Deep Learning log in Explore and Log Viewer. See the Log Reference for more information about the log fields.
Advanced Threat Prevention now supports Local Deep Learning, which provides a mechanism to perform fast, local deep learning-based analysis of zero-day and other evasive threats, as a complementary feature to the cloud-based Inline Cloud Analysis component of Advanced Threat Prevention. With an Advanced Threat Prevention license, known malicious traffic that matches against Palo Alto Networks published signature set are dropped (or have another user-defined action applied to them); however, certain traffic that matches the criteria for suspicious content are rerouted for analysis using the Deep Leaning Analysis detection module. If further analysis is necessary, the traffic is sent to the Advanced Threat Prevention cloud for additional analysis, as well as the requisite false-positive and false-negative checks. The Deep Learning detection module is based on the proven detection modules operating in the Advanced Threat Prevention cloud, and as such, have the same zero-day and advanced threat detection capabilities. However, they also have the added advantage of processing a much higher volume of traffic, without the lag associated with cloud queries. This enables you to inspect more traffic and receive verdicts in a shorter span of time. This is especially beneficial when faced with challenging network conditions.
Updates to Local Deep Learning models are delivered through content updates. Local Deep Learning is enabled and configured using the Anti-Spyware profile and requires an active Advanced Threat Prevention license.

Strata Logging Service in Strata Cloud Manager

June, 2024
In addition to the Strata Logging Service app available in the hub to manage your instances, you can now also use Strata Cloud Manager to manage your Strata Logging Service instances.
Supported on Strata Cloud Manager with Strata Logging Service license.
Strata Cloud Manager is not available to you to manage Strata Logging Service instances hosted in China or in FedRAMP high regions. Continue to use the Strata Logging Service app to manage the instances in these regions.
You can now manage your Strata Logging Service instance with Strata Cloud Manager. After you have activated and deployed Strata Logging Service, log in to Strata Cloud Manager on hub and select SettingsStrata Logging Service to manage your Strata Logging Service instance. Additionally, you can also continue to use the Strata Logging Service standalone app available on the hub to manage your instances. The logging data is the same in both Strata Logging Service app and Strata Cloud Manager, except for their web interface differences.
Use Strata Logging Service to:

Log Forwarding from Strata Logging Service in China

May, 2024
You can forward firewall logs stored in Strata Logging Service hosted in China to external destinations. Contact Palo Alto Networks to enable log forwarding from Strata Logging Service China. In addition, while configuring log forwarding profiles acknowledge the notice that sending logs to servers outside China can result in personally identifiable information leaving China.
Log forwarding enables you to forward firewall logs stored in Strata Logging Service to an external destination to support your organization’s legal compliance requirements, long-term storage, and monitoring. Configure Strata Logging Service to forward logs to a syslog server, HTTPS server, email server, or a third-party SIEM in multiple formats. You can also set the type of logs you want to forward and apply log filters to specify which logs Strata Logging Service are forwarded to the destination server. Additionally, log forwarding allows you to replay and send logs from the past 3 days to the preferred external destination.

Cortex Data Lake is Now Strata Logging Service

April, 2024
Strata Logging Service is the new name for the cloud-based logging infrastructure that was previously called Cortex Data Lake.

View Only Administrator User Role Support for Strata Logging Service

April, 2024
In addition to these user roles, Strata Logging Service now supports a View Only Administrator role that provides read-only access to all available system-wide functions in Strata Logging Service.

New Region Support: Saudi Arabia

March, 2024
You can now host Strata Logging Service in the Saudi Arabia region. Refer to the region support information before you set a host region when you activate Strata Logging Service.
You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.
If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:
  • United States - Americas
  • United Kingdom
  • Netherlands - Europe
  • Japan

New Log Field Names

January, 2024
To simplify your logging experience, some log field names have changed. These changes will affect how field names appear and how they are forwarded. To ensure a smooth transition for your log forwarding profiles, we will continue to support the old names for the near future. Fields will be forwarded with both the new names and old names, so you can choose whether to leverage the new names or continue with your current configurations. Therefore, no action is required to maintain log forwarding functionality.
References to logs that were forwarded before these changes must use the old names.

Query Usability and Performance Enhancements in Explore

January, 2024
The enhancements in Explore include:
  • Option to cancel a query you no longer want to run, using the Cancel option
  • Improved query response time
  • View logs from Strata Logging Service hosted in the China region
You can view and interact with logs stored in Strata Logging Service with Explore in Strata Logging Service app and Log Viewer in Strata Cloud Manager. A query field and time range preferences help you narrow down the specific logs that are of interest to you. You can view the log details and also export all log types to a compressed CSV file in GZ format. Log Viewer provides an audit trail for system, configuration, and network events. Jump from a dashboard in Strata Cloud Manager to your logs to get details in Log Viewer and investigate findings.

Forward Past Logs With Log Replay

January, 2024
You can now forward past-dated logs (up to the past 3 days from the current date) from Strata Logging Service to your preferred syslog, HTTPS, or email servers with log replay profiles. You can use this option to retrieve old logs in case of connection failures or outages at the destination server. To create the log replay profile, you clone the parameters from your preferred existing log forwarding profile and provide the date range for which you want to forward the logs.

New Region Support: Korea, Israel, Indonesia, and United States Government (High)

November, 2023
You can now host Strata Logging Service in Korea, Israel, Indonesia, and United States Government (FedRAMP high) regions. Refer to the region support information before you set a host region when you activate Strata Logging Service.
You can host Strata Logging Service in multiple regions. To comply with data privacy regulations that require you to keep data within a specific region, you can select it as a host region when you activate Strata Logging Service. You must also allow specific FQDNs or IP address range and TCP ports for each region to send logs to and forward logs from Strata Logging Service. In addition, depending on the platform you are using, you must allow traffic from different sources to connect to Strata Logging Service successfully. Strata Logging Service ensures data redundancy by storing your data in two different zones in the region you choose. Therefore, in case of an outage, Strata Logging Service will failover to the secondary zone in an attempt to prevent interruption of service.
If you want to use a third-party app to ingest your Strata Logging Service log data, ensure that the third-party app is supported in the same region as your Strata Logging Service instance. Otherwise, the third-party app will be unable to access your data. Third-party apps are currently supported in only the following regions:
  • United States - Americas
  • United Kingdom
  • Netherlands - Europe
  • Japan

Remote Browser Isolation Logging

November, 2023
You can view Remote Browser Isolation logs in Explore and Log Viewer. See the Schema Reference for more information about the log fields.
Browser and web-based attacks are continuously evolving, resulting in security challenges for many enterprises. Web browsers, being a major entry point for malware to penetrate networks, pose a significant security risk to enterprises, prompting the increasing need to protect networks and devices from zero day attacks. Highly regulated industries, such as government and financial institutions, also require browser traffic isolation as a mandatory compliance requirement.
While most enterprises want to block 100% of attacks by using network security and endpoint security methods, such a goal might not be realistic. Most attacks start with the compromise of an endpoint that connects to malicious or compromised sites or by opening malicious content from those sites. An attacker only needs one miss to take over an endpoint and compromise the network. When this happens, the consequences of that compromise and the impact to your organization can be damaging.
Remote Browser Isolation (RBI) creates a no-code execution isolation environment for a user's local browser, so that no website code and files are executed on their local browser. Unlike other isolation solutions, RBI uses next-generation isolation technologies to deliver near-native experiences for users accessing websites without compromising on security.
RBI is a service that isolates and transfers all browsing activity away from the user's managed devices and corporate networks to an outside entity such as Prisma Access, which secures and isolates potentially malicious code and content within their platform. Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing security policies. Isolation profiles can restrict many user controls such as copy and paste actions, keyboard inputs, and sharing options like file uploading, downloading, and printing files to keep sensitive data and information secure. All traffic in isolation undergoes analysis and threat prevention provided by Cloud-Delivered Security Services (CDSS) such as Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and SaaS Security.

Query Usability Enhancements

September 15, 2023
You can now use enhanced filtering and viewing capabilities to search and view relevant logs easily. The enhancements include:
  • Search in the query builder shows autosuggestions most relevant to the search string.
    • Search in the query builder shows autosuggestions most relevant to the search string.
    • The query builder suggests all the supported values for the field to build the query.
    • Search field names using substrings (for example, search with the string ‘user’ returns suggestions such as source_user, destination_user).
    • Search for a field based on the display name in the log table and not just the actual field name in the log record. You can create a query using both field names.
    • Press Shift + Enter to start a new line in the query builder, and press Enter to submit a query.

All Previous New Features

Feature
Description
Dynamic Sizing for Cloud NGFW for AWS
August 2023
To simplify storage allocation for your Cloud NGFW for AWS resources, Strata Logging Service now automatically scales your total allocated storage according to your Cloud NGFW usage. As traffic throughput increases on the Cloud NGFW resources, so does your available storage so that you don’t need to worry about making manual adjustments for Strata Logging Service to save your log data.
HTTPS Log Forwarding to Exabeam
August 2023
Strata Logging Service now supports forwarding logs to Exabeam using HTTPS, so if you use Exabeam as your SIEM, you can now seamlessly ingest firewall data from Strata Logging Service for a more complete picture of your network activity.
Log Forwarding Java 11 Upgrade
August 2023
For more up-to-date and secure authentication, Log Forwarding now uses Java 11. Please review the updated list of trusted certificates to ensure your log receiver has the correct certificates installed.
Poland Regional Support
July 2023
To comply with data privacy regulations that require you to keep data within Poland, you can now select it as a host region when you activate Strata Logging Service.
Cloud NGFW for Strata Logging Service Inventory Page Update
July 2023
Strata Logging Service now displays key metrics for your Cloud NGFWs to help you better monitor ingestion rate, storage usage, and connection status for your deployment.
New Log Field for Cloud NGFW Resources
July 2023
Strata Logging Service has a new log field (log_source_group_id) that identifies the Cloud NGFW resource to which your Cloud NGFWs belong. With this field, you can perform Explore/Log Viewer queries to zero in on logs generated by a specific Cloud NGFW resource.
Audit Logs for Cisco Meraki Integration with Prisma Access
May 2023
To monitor the operation of your Prisma Access integration with Meraki SD-WAN, you can now view and query Audit logs stored in Strata Logging Service using Explore in the Strata Logging Service app or Log Viewer in other apps. These logs provide context for every Meraki configuration change executed through the Prisma Access integration, including such information as date and time of the change, the admin who performed it, and any errors or warnings encountered.
China Regional Support
April 2023
To comply with data privacy regulations that require you to keep data within China, you can now select it as a host region when you activate Strata Logging Service.
France Regional Support
February 2023
To comply with data privacy regulations that require you to keep data within France, you can now select it as a host region when you activate Strata Logging Service.
Strata Logging Service Alerts in AIOps for NGFW
December 2022
You can now view alerts about your Strata Logging Service instance within AIOps for NGFW. These alerts enable you to stay aware of the latest service availability, log storage, and connection issues affecting your Strata Logging Service instance, providing you with the context and recommendations necessary to take the appropriate actions against them.
Spain Regional Support
November 2022
To comply with data privacy regulations that require you to keep data within Spain, you can now select it as a host region when you activate Strata Logging Service.
Italy Regional Support
November 2022
To comply with data privacy regulations that require you to keep data within Italy, you can now select it as a host region when you activate Strata Logging Service.
Multiple Panorama Support
November 2022
You can now add up to 20 Panorama appliances to a single Strata Logging Service instance. This simplifies licensing and monitoring by consolidating all of your data in one Strata Logging Service instance. That way, Palo Alto Networks security applications that analyze Strata Logging Service data, such as Cortex XDR, IoT Security, and SaaS Security Inline, can provide you with more centralized results.
Switzerland Regional Support
November 2022
To comply with data privacy regulations that require you to keep data within Switzerland regional boundaries, you can now select Switzerland as a host region when you activate Strata Logging Service.
Log Forwarding API Access for MSSPs
September 2022
To help you manage log forwarding profiles at scale, Log Forwarding APIs are now available for managed security service providers.
HTTPS Log Forwarding to Google Chronicle
August 2022
Strata Logging Service now supports forwarding logs to Google Chronicle using HTTPS, so if you use Chronicle as your SIEM, you can now seamlessly ingest firewall data from Strata Logging Service for a more complete picture of your network activity.
Field Name Updates for GlobalProtect CEF Logs
August 2022
For an output that is more consistent with other log types, we’ve updated the following field names for GlobalProtect logs sent from (CEF):
  • log_source
  • log_source_id
  • log_source_name
  • vsys_name
  • subtype.value
  • eventid.value
  • status.value
  • source_user
  • endpoint_device_name
  • public_ip.value
  • public_ipv6.value
  • hostid
DNS Security Logging
June 2022
You can now send DNS Security logs to Strata Logging Service to facilitate triage, prioritization, and response to security incidents involving DNS. This enables you to view DNS Security logs in Explore to assess the details of a particular log and perform queries for further investigation.
To send DNS Security logs to Strata Logging Service, you must have a DNS Security subscription on your firewalls, and you must configure log retention for DNS Security logs.
The Strata Logging Service Estimator does not yet support DNS Security logs, so you must calculate log storage manually. The average size of a DNS Security log is approximately 833 bytes.
Subnet Search in Explore
May 2022
In Explore, You can now use the = or != operators to match IPv4 and IPv6 addresses and subnets that use CIDR notation. This allows you to speed up your investigations by quickly narrowing them down to logs from a section of your network.
For example, this search identifies all logs with the specified IPv4 address range in the source address field:
src_ip.value = "192.168.30.51/24"
Similarly, this search identifies all logs that do not have the specified IPv4 address range in the destination address field:
dst_ip.value != “172.10.10.10/24”
HTTPS Forwarding to Microsoft Sentinel
March 2022
Strata Logging Service now supports forwarding logs through HTTPS to Microsoft Sentinel.
Forwarding for GlobalProtect Troubleshooting Logs
March 2022
To provide a more complete picture of your GlobalProtect application behavior to external logging solutions, you can now forward GlobalProtect Troubleshooting logs from Strata Logging Service.
License Information Widget
February 2022
On the Dashboard, you can now
  • View your license expiry date with a countdown from the current date to help you know when it’s time to renew.
  • View instance details such as name, tenant ID, and serial number to quickly help Customer Support identify your instance if an issue arises.
Additional Hardware Models for Strata Logging Service Estimator
January 2022
To help you more accurately estimate the amount of storage you will need, the Strata Logging Service now supports the following hardware models:
  • PA 400 series - PA-410, PA-440, PA-450 and PA-460
  • PA 5400 series - PA-5450
Deployment Monitoring
December 2021
The Strata Logging Service app now features a dashboard that enables you to view whether your devices are still sending logs to Strata Logging Service as well as view finer details about log transmission, such as storage, latency, ingestion, and log forwarding status.
Client Authentication Using Certificates
December 2021
You can now use certificates to authenticate the log forwarding endpoint that is sending logs to your Syslog and HTTPS servers. This enables you to comply with any company or regulatory policy that may require client authentication.
Independent Log Forwarding Profiles
November 2021
Log forwarding profiles that send logs to different destinations now work independently from each other, so if one destination disconnects and stops ingesting logs, the other destinations will remain connected and will continue sending logs to these destinations.
If you are a managed security service provider overseeing the syslog streams for multiple customers, this feature will ensure that a problem with one stream will not affect the others.
Also, if you manage multiple syslog sinks for different purposes, such as SOC investigation, network troubleshooting, and audit and compliance this feature helps you maintain consistent service in the event that one sink goes down.
Easy Activation
September 2021
Strata Logging Service now features a simplified activation flow to help you get up and running with the product quickly and easily. After you purchase a Strata Logging Service license, you now receive an email with a link that takes you to a step-by-step process for activating your product.
India Regional Support
August 2021
To comply with data privacy regulations that require you to keep data within India regional boundaries, you can now select India as a host region when you activate Strata Logging Service.
Saved and Shared Filters
August 2021
You can now save log queries and share them with other users. Save log queries to avoid re-entering long, complex, or frequently used queries each time you want to see a particular set of logs. Share queries to quickly present the logs to a team member, support technician, or anyone whom you want to see them.
Saved Log Viewer Profiles
August 2021
In the log viewer, you can now create profiles that save preferences so that you can quickly change to a set of preferences for a particular use case or user.
These preferences include the Cloud Identity Engine (CIE) tenant, the time zone in which logs appear, and the columns you’ve chosen to display as well as their order.
Query Builder Enhancements
July 2021
The character limit for queries has increased to 4096, and queries now wrap to the next line when the field is filled. This enables you to form longer queries and view their contents at a glance.
Time Zone Selection
July 2021
You can now choose to view logs in different time zones. This helps you correlate logs generated by different products that may use a different time zone from the timezone of your browser.
Millisecond-Level Queries
July 2021
You can now create queries with the time_generated_high_res field equal_to a time in milliseconds. This enables you to correlate logs with events from other systems at a millisecond level.
Default User Preferences
July 2021
You can now restore preferences, such as column order and time zone, to the preferences set when you first started the app. This enables you to quickly undo any changes you’ve made if you are no longer satisfied with your preferences.
Log Viewer Admin Role
July 2021
Strata Logging Service now has a new role that only grants permission to view the Explore tab and export log data. If one of your users only needs to view logs, this enables you to maintain a good security posture by only granting them the permissions they need.
Germany Regional Support
July 2021
To comply with data privacy regulations that require you to keep data within German regional boundaries, you can now select Germany as a host region when you activate Strata Logging Service.
Filter Query Parentheses Support
June 2021
The log viewer filter now supports parentheses to determine the order in which it evaluates terms in queries so you can more precisely identify the logs you’re looking for.
Firewall Data Retention Toggle
June 2021
For better control over your log data, you can now disable log retention for each of your firewalls from the Inventory tab in the Strata Logging Service app. To do this, set Store Log Data to Off for the firewalls whose data you do not want to retain.
Device Certificate for Strata Logging Service
June 2021
(PAN-OS 10.1 or later) To reduce the number of certificates you need to install and manage to connect to Palo Alto Networks cloud services, you can now authenticate to Strata Logging Service using a device certificate. This enables you to authenticate to Strata Logging Service using the same certificate that you would use to connect to Cortex XDR, IoT Security, and Enterprise Data Loss Prevention.
Devices using a device certificate follow a new process to onboard to Strata Logging Service. Make sure to follow the onboarding process appropriate for your PAN-OS version and deployment style.
Self-Signed Certificate Support
April 2021
You can now get started forwarding logs from Strata Logging Service more quickly, easily, and cost-effectively by using a self-signed certificate to authenticate your syslog or HTTPS receiver. After installing the certificate on your receiver, you can upload the private CA or self-signed certificate as part of your syslog or HTTPS forwarding profiles.
Log Forwarding Certificate Validation Enhancement
March 2021
To ensure your log data arrives safely to its intended destination, Strata Logging Service now more rigorously inspects the validity of server certificates.
Log Forwarding Connection Check
March 2021
To help you verify that you can connect to the syslog server to which you want to forward logs, Strata Logging Service Log Forwarding now features a Test Connection button in Syslog and HTTPS profile configuration. When you click this button, you will see that the connection either succeeded or failed and why.
HTTPS Log Forwarding
March 2021
For compatibility with services that receive events through HTTPS, such as Splunk HTTP Event Collector (HEC), Strata Logging Service now supports forwarding logs through HTTPS.
Common Event Format (CEF) Support
March 2021
Enabling you to forward logs to Microfocus ArcSight Enterprise Security Manager, Strata Logging Service now supports CEF as an option when you select the log format for a syslog forwarding profile.
No Data Retention
March 2021
For better control over your log data, Strata Logging Service now does not retain logs at all if you set log storage Quota or Max Retention Days to 0 in Storage Configuration. If you do want to store logs, ensure that Quota is greater than 0 and Max Retention Days is not set to 0.
Related Log Events
February 2021
Certain network logs—Traffic, Threat, URL, File—now show you the other events logged during the same session.
Without leaving the context of the log you’re interested in, you can see the sequence of related events for the session. Related logs are displayed chronologically, top to bottom—the log with the earliest timestamp is listed first.
Select a related log to investigate the details for that event.
Log Format Updates
February 2021
To take advantage of these features, you must edit and resubmit your log forwarding profiles.
New Log Fields—To support the transport of richer data about your network traffic, Strata Logging Service now processes new log fields from PAN-OS: device group (DG) hierarchy and secure web gateway (SWG) fields. The DG hierarchy field helps you identify which firewall Device Group generated a log, and SWG fields provide more detailed user Authentication information.
New Email Log Format—For better consistency across log outputs, the log fields in email log forwarding now more closely resemble other supported formats, such as LEEF and the format used in Explore. This does not affect email forwarding profiles that were migrated from an older version of Log Forwarding.
Log Field Modification—For better consistency with other log fields, the ProfileToken field now has the first letter capitalized. If you reference this field in automation scripts, ensure that it reads ProfileToken.
Log Forwarding Filter Updates
February 2021
To take advantage of these features, you must edit and resubmit your log forwarding profiles.
Editable Migrated Filters—You now have the flexibility to modify the queries in log forwarding filters that you may have retained from an earlier version of the Log Forwarding app.
Migrated filters will not tell you if a query that you entered is valid. To validate a query, create a new filter and test it there. When you determine the query works, then paste it into the migrated filter.
Filter Deletion Confirmation—To prevent you from accidentally deleting log forwarding filters, filter deletion is now a two-step process.
In-App Device Connection Management
January 2021
For smoother device onboarding, you can now view a list of your available Panorama and firewall devices and generate onboarding keys for them within the app.
Redesigned UI
January 2021
To provide a more consistent experience across Palo Alto Networks platforms, Strata Logging Service now features a new user interface that you may recognize from products such as Prisma Access.
Explore Integration
January 2021
Instead of switching to a different app, you can now search, filter, and export logs directly within the Strata Logging Service app. Select Explore in the app’s new sidebar to get started.
Australia Regional Support
December 2020
To comply with data privacy regulations that require you to keep data within Australian regional boundaries, you can now select Australia as a host region when you activate Strata Logging Service.
Log Forwarding Integration
November 2020
You can now forward logs from within the Strata Logging Service app, enabling you to conveniently manage onboarding, storage, and log transmission in a single application. In moving to the Strata Logging Service app, the log forwarding interface now has a new, simplified design that makes it easier to begin configuring Syslog and email profiles to forward your Strata Logging Service log data.
Log Filter Query Support
November 2020
When creating your log forwarding profiles in Strata Logging Service, you can now use the same query language from Explore to define precise log filters based on time, device serial number, IP address, and more.
LEEF Format Support for IBM QRadar
November 2020
You can now forward logs in Log Extended Event Format (LEEF) for use with IBM QRadar SIEM.
Combined Log Types
November 2020
To simplify the list of available log types for log forwarding, the tunnel log type now includes GTP logs, and Threat logs now include WildFire logs.
Because log forwarding profiles can only include one filter per log type, if you had a log forwarding profile with a log filter for both of the formerly separate log types, you will now see a new log forwarding profile. This profile contains the log filter that could not be duplicated in the original profile.
For example, a log forwarding profile with filters for both tunnel and GTP logs now appears as two profiles, each with a tunnel filter. One of the profiles will continue filtering tunnel logs and the other will filter GTP logs, which are now included in tunnel logs. The new profile will be called <original name> - GTP or, in the case of Threat and WildFire, <original name> - WildFire.
Non-Editable Log Forwarding Filters
November 2020
Some log filters created in the previous Log Forwarding app can no longer be edited. If you would like to change such filters, you must delete them and create new ones.
Because some fields in the migrated filters are no longer available, you may not be able to recreate an identical filter if you delete it.
Scheduled Reports for Strata Logging Service
November 2020
(PAN-OS 10.0.2 or later and Cloud Services plugin 1.8.0 or later) From Panorama, you can now generate scheduled reports on Strata Logging Service data.
Japan Regional Support
September 2020
To comply with data privacy regulations that require you to keep data within Japanese regional boundaries, you can now select Japan as a host region when you activate Strata Logging Service.
Canada Regional Support
July 2020
To comply with data privacy regulations that require you to keep data within Canadian regional boundaries, you can now select Canada as a host region when you activate Strata Logging Service.
To choose Canada as your host region, select Canada at activation. The Americas region represents the United States only.
Proxy Support
July 2020
(PAN-OS 10.0 or later) You can now configure the firewall to forward logs to Strata Logging Service through a proxy server. This enables you to send log data to Strata Logging Service from a network without a default gateway.
UK and Singapore Regional Support
July 2020
For compliance with regulations that require you to keep data within regional boundaries, you can now select the UK or Singapore as a host region when you activate Strata Logging Service.
Quota Manager Enhancements
June 2020
The quota manager now features a detailed breakdown of firewall log types and a simpler method of allocating remaining storage to help you more easily manage your .
Instead of a single Detailed log type, the quota manager now displays the firewall log types individually. The Infrastructure & Audit log type now appears as System and Config logs.
To allocate all remaining storage to one or more log types, you can now leave the quota percentage of log types blank and the quota manager will automatically assign them the unallocated space.
New Quota Manager UI
April 2020
To help you more easily allocate log storage and visualize the data you're storing in Strata Logging Service, the Strata Logging Service app now features a completely redesigned quota manager.
The quota manager now visually displays your total storage capacity as a bar, with color-coded segments representing different log sources so you can instantly identify how much storage a service uses and adjust if necessary.
New Minimum PAN-OS Version for Strata Logging Service Without Panorama
March 2020
To authenticate using the new G2 certificate chain, firewalls that you want to onboard to must now run PAN-OS 9.0.6 or later.
Strata Logging Service Without Panorama
July 2019
Until PAN-OS 9.0.3, Panorama was required to onboard firewalls to Strata Logging Service, and to view logs stored in Strata Logging Service. Now, firewalls running PAN-OS 9.0.3 and later can securely connect and log to Strata Logging Service, without Panorama. The new app, Explore, allows you to see and interact with the log data stored in Strata Logging Service.
New App-ID for Palo Alto Networks Shared Services
May 2019
For better application visibility and control, you now have a new App-ID for paloalto-shared-services, in addition to the App-ID for the palo-alto-logging-service. The paloalto-shared-services App-ID identifies traffic for any shared services that are used by Palo Alto Networks including Directory Sync Service, Logging Service, and Magnifier; any paloalto-shared-services traffic that was earlier identified as ssl, web-browsing will now be identified as paloalto-shared-services.
If you have a Palo Alto Networks next-generation firewall between the Panorama appliance and the internet, you must add a security policy rule on the firewall to allow the paloalto-logging-service and paloalto-shared-services App-IDs from the Panorama appliance to the internet. These applications allow SSL-secured communication to the Strata Logging Service that the Panorama appliance uses to query logs, and enable communication to the shared services and the Strata Logging Service for performing certificate status and revocation checks.
Connection Status Reporting Improvements
September 2018
To help with visibility on the status and connectivity to the Strata Logging Service, the Cloud Services plugin 1.2 provides details on the connection status between Panorama and the Strata Logging Service. On PanoramaCloud ServicesStatusStatus, you can now verify that Panorama appliance was able to successfully retrieve the Logging Service certificate, view the Customer Identification number and the region in which your Strata Logging Service instance is deployed, and confirm that the Panorama appliance is connected to the Logging Service. If any of these checks fail, the Status is reported as an error.
New App-ID for Palo Alto Networks Shared Services
September 2018
For better application visbility and control, you now have a new App-ID for paloalto-shared-services, in addition to the App-ID for the palo-alto-logging-service. The paloalto-shared-services App-ID identifies traffic for any shared services that are used by Palo Alto Networks including Directory Sync Service, Logging Service, and Magnifier; any paloalto-shared-services traffic that was earlier identified as ssl, web-browsing will now be identified as paloalto-shared-services.
If you have a Palo Alto Networks next-generation firewall between the Panorama appliance and the internet, you must add a security policy rule on the firewall to allow the paloalto-logging-service and paloalto-shared-services App-IDs from the Panorama appliance to the internet. These applications allow SSL-secured communication to the Strata Logging Service that the Panorama appliance uses to query logs, and enable communication to the shared services and the Strata Logging Service for performing certificate status and revocation checks.
Expand Log Storage Capacity for Traps Logs
April 2018
You can now activate Strata Logging Service Auth code from the cloud services portal to upgrade the Traps Included Storage of 100GB to a Strata Logging Service license with larger storage capacity.
Log Quota Management on the hub
March 2018
Starting March 19, 2018, you must use the cloud services portal to manage the log quota for logs stored on the Strata Logging Service.
Log in to the cloud services portal using your Customer Support Portal credentials, and then refer to the Logging Service Getting Started Guide for instructions on activating licenses and deploying this service.