Palo Alto Networks PA Series

Use the IBM® QRadar® DSM for Palo Alto PA Series to collect events from Palo Alto PA Series and Next Generation Firewall logs by using Cortex Data Lake.

To send events from Palo Alto PA Series to QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent version of the following RPMs from the IBM support website (https://www.ibm.com/support).
    • DSMCommon RPM
    • TLS Syslog Protocol RPM
    • Palo Alto PA Series DSM RPM
  2. Configure your Palo Alto PA Series device to send events to QRadar.
  3. If QRadar does not automatically detect the log source, add a Palo Alto PA Series log source on the QRadar Console.