Use Panorama to Forward Logs to Azure Security Center
Use Panorama templates and device groups to forward VM-Series
firewall logs to Azure Security Center
If you are using Panorama to manage your firewalls,
you can use templates and device groups to forward firewall logs
to Azure Security Center. With the default Azure Security Center
Log Forwarding profile, Threat and WildFire Submissions logs of
low, medium, high, or critical severity generated on the firewall
are displayed as security alerts on the Azure Security Center dashboard.
So that you can focus and triage alerts more efficiently, you can
set up granular log filters to only forward logs
of interest to you, or forward high and critical severity logs only.
You can also selectively attach the log forwarding profile to a
few Security policy rules based on your applications and security
To enable the Azure Security Center integration from
Panorama, use the following workflow.
From Panorama, create a template and a device group to push log forwarding
settings to the firewalls that will be forwarding logs to Azure
Specify the log types to forward to the Logging Service.
The way you enable forwarding depends on the log type.
For logs that are generated based on a policy match, you use a log
forwarding profile within a device group, and for other log types
you use the Log Settings configuration within a template.
Configure forwarding of System, Configuration,
User-ID, and HIP Match logs.
the firewalls you want to forward logs to the Logging Service.
For each log type that you want to forward to the Logging Service,
match list filter. Give it a
Built-in Actions and enter a
The Azure-Security-Center-Integration action will be auto selected.
Configure forwarding of all other log types that are
generated when a policy match occurs, such as Traffic, Threat, WildFire
Submission, URL Filtering, Data Filtering, and Authentication logs.
To forward these logs, you must create and attach a log forwarding
profile to each policy rule for which you want to forward logs.
and then select
profile. In the log forwarding profile match list, add each log
type that you want to forward.
in Built-in Actions to
enable the firewalls in the device group to forward the logs to
Azure Security Center.
attach the Log Forwarding profile you created for forwarding logs
to Azure Security Center. Until the firewall has interfaces and zones
and a basic security policy, it will not let any traffic through,
and only traffic that matches a security policy rule will be logged
For each rule you create, select
select the Log Forwarding profile that allows the firewall to forward
logs to Azure Security Center.