Creating Dashboards For Firewall Logs

Thanks in advance -

Looking to see if anyone has configured dashboards for Palo Alto Firewall inbound connection attempts. Not seeing the log data available in log search regarding “inbound” connections, just outbound. Am I missing something here…? Would be helpful in terms of sourcing malicious IPs attempting VPN connections from the outside.

Thanks again.

Hi @mblough!

You need to forward the VPN logs to IDR to get ingress authentication logs for Palo Alto VPN (PAN FW: DEVICE → Log Settings → GlobalProtect → forward all logs via syslog to IDR collector).

After that you can create a dashboard and filter for stuff like failed/successful logins and list the usernames, IPs or source countries, etc.

Best regards
Robert
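
An added illustration of the grouping such a dashboard performs once the VPN authentication logs arrive (not part of the original posts, and not Rapid7 or Palo Alto code): it counts failed and successful logins per source IP and lists sources that fail against several usernames without ever succeeding. The JSON field names, thresholds and sample events are constructed assumptions, not the PAN-OS or InsightIDR schema.

```python
import json
from collections import defaultdict

# Constructed sample events. Field names are hypothetical, not a vendor
# schema; IP addresses come from the reserved documentation ranges.
SAMPLE_EVENTS = """\
{"user": "alice", "source_ip": "198.51.100.7", "country": "DE", "result": "failed"}
{"user": "alice", "source_ip": "198.51.100.7", "country": "DE", "result": "success"}
{"user": "admin", "source_ip": "203.0.113.50", "country": "NL", "result": "failed"}
{"user": "root", "source_ip": "203.0.113.50", "country": "NL", "result": "failed"}
{"user": "vpnuser", "source_ip": "203.0.113.50", "country": "NL", "result": "failed"}
{"user": "admin", "source_ip": "203.0.113.50", "country": "NL", "result": "failed"}
this line is not JSON and must be skipped
{"user": "bob", "source_ip": "203.0.113.99", "country": "US", "result": "failed"}
{"user": "bob", "source_ip": "203.0.113.99", "country": "US", "result": "failed"}
{"user": "bob", "source_ip": "203.0.113.99", "country": "US", "result": "failed"}
"""

def summarize(lines):
    """Group VPN login events by source IP, as a dashboard card would."""
    stats = defaultdict(
        lambda: {"failed": 0, "success": 0, "users": set(), "country": None})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: ignore rather than abort
        ip, result = ev.get("source_ip"), ev.get("result")
        if not ip or result not in ("failed", "success"):
            continue
        entry = stats[ip]
        entry[result] += 1
        entry["country"] = ev.get("country")
        if result == "failed":
            entry["users"].add(ev.get("user"))  # usernames this source tried
    return stats

def suspicious_sources(stats, min_failed=3, min_users=2):
    """Sources with only failures, spread over several usernames."""
    hits = [(ip, s["failed"], len(s["users"]), s["country"])
            for ip, s in stats.items()
            if s["success"] == 0 and s["failed"] >= min_failed
            and len(s["users"]) >= min_users]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for row in suspicious_sources(summarize(SAMPLE_EVENTS.splitlines())):
        print(row)  # (source_ip, failed_count, distinct_users, country)
```

Lowering `min_users` to 1 also surfaces a source that repeatedly fails against a single account, which can be either an attack or a user with a stale saved password.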

Thank you for the response! I figured this may be the case but need to engage the rest of the team to get them sent over.