WirelessPhreak.com


Enhanced Data Visualization Dashboard using Splunk


I am a fan of Palo Alto Networks NGFWs, especially the visibility they give you into your traffic. PAN does a pretty good job within its management tools of organizing and reporting on the data, but most of us also run a large SIEM or logging solution such as Elastic's ELK stack, Splunk, Exabeam, etc.

Splunk being one of the more popular SIEM and logging solutions, I created a PAN Threat Dashboard that I wanted to share. If you have Splunk running in your environment and the Splunk Palo Alto Networks add-on installed, all the pre-defined fields should work correctly. If not, you may need to tweak one or two fields in the dashboard to make it work. When you copy the code from my GitHub, save it in a text editor and perform the following steps. It should be up and running in your environment in no time.

You will need to identify your Palo Alto firewall host= field values (how Splunk identifies the device sending logs) to populate the field2 drop-down menus.

Directions:

  1. Log into Splunk and go to Search.
  2. Click on Dashboards and create a new dashboard.
  3. Once you have created your new dashboard, go to Edit and select the Source tab at the top.
  4. Clear out the default text in the dashboard source and paste in the dashboard copied from GitHub.
  5. Before you save the dashboard, you will need to identify your Palo Alto firewall host= field values to populate the field2 drop-down menus; I currently have placeholders firewall-1, firewall-2, etc. configured.
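As an added illustration (not the dashboard from the author's GitHub), the Simple XML fragment below shows how a field2 drop-down and a host= token fit together in a Splunk dashboard source, and goes one step further than the placeholder approach by letting a search populate the drop-down from the host values actually seen in the logs. It assumes the sourcetype pan:threat that the Splunk Palo Alto Networks add-on assigns to threat logs and a severity field extracted by that add-on; both are assumptions to check against your own installation.

```xml
<form>
  <label>PAN Threat Dashboard (example)</label>
  <fieldset submitButton="false">
    <input type="time" token="time_tok">
      <label>Time range</label>
      <default><earliest>-24h@h</earliest><latest>now</latest></default>
    </input>
    <!-- The field2 drop-down selects which firewall's logs the panels search. -->
    <input type="dropdown" token="field2" searchWhenChanged="true">
      <label>Firewall</label>
      <!-- Static choice: a wildcard that matches every firewall host. -->
      <choice value="*">All firewalls</choice>
      <!-- Dynamic choices: one entry per host= value seen in PAN threat logs
           over the last 7 days, so placeholders such as firewall-1 do not
           have to be edited by hand. pan:threat is assumed to be the
           sourcetype set by the Palo Alto Networks add-on. -->
      <search>
        <query>sourcetype=pan:threat | stats count by host | fields host</query>
        <earliest>-7d@d</earliest>
        <latest>now</latest>
      </search>
      <fieldForLabel>host</fieldForLabel>
      <fieldForValue>host</fieldForValue>
      <default>*</default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Threat events by severity for $field2$</title>
      <chart>
        <!-- The token is substituted into host= at search time.
             severity is assumed to be a field the add-on extracts. -->
        <search>
          <query>sourcetype=pan:threat host=$field2$ | timechart count by severity</query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="charting.chart">column</option>
        <option name="charting.chart.stackMode">stacked</option>
      </chart>
    </panel>
  </row>
</form>
```

If your firewalls log under a different sourcetype or host naming, adjust the two sourcetype= clauses and the populating search accordingly.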


You should be good to go!