External Logging Platform
By using an external logging platform—such as a security
information and event management (SIEM) system or a syslog device—you
can view aggregated logs from the ESM Console and ESM Servers. You can
also configure the ESM to send logs to Panorama. The ability to
view Traps logs in the same context as the firewall logs allows
you to correlate discrete activity observed on the network and the
endpoints. Correlated events help you see the overall picture across
your network and the endpoints so that you can detect any risks
that evade detection or take advantage of blind spots, and strengthen
your security posture well before any damage occurs.
When enabled, the ESM component forwards reports about events
to the external logging platform in addition to storing logs internally.
The ESM component that forwards the logs varies depending on the
type of event. For example, if you monitor verdict changes, the
ESM Console sends logs when you override the verdict for a hash.
If WildFire changes the verdict, the ESM Server sends the logs.
You can also integrate your external logging platform with third-party
monitoring tools, such as Splunk, to analyze log data. Download
the Splunk app for Palo Alto Networks at https://apps.splunk.com/app/491.
To add an external logging platform, see Forward
Logs to an External Logging Platform.