We are looking into populating some of the dashboard cards and various data sets with our VPN solution, Palo Alto GlobalProtect. We have the management software, Panorama, forwarding the logs it ingests from the individual firewalls to IDR using the “Palo Firewall & VPN” event source.
However, none of the VPN “solutions” within IDR are populating. Doing some research, it seems like Palo doesn’t separate those logs out until a later OS level than we are currently using (8.1).
Is there a way we can parse that data out from within IDR via IP range or a key field within the logs?