Request from SOC to send data from Panorama for 30 days to XSIAM.
They don't know if this is required yet but are giving a heads-up.
It is possible to export logs from the firewalls/Panorama to a flat file, such as a CSV, and then use the Broker VM CSV Collector or the XDR Collector to ingest this data into XSIAM.
DTSPO-22010
Summary
This article explains how to export data for a custom date range: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/view-and-manage-logs/use-case-export-traffic-logs-date-range
The article above refers to the traffic log; however, there are many other logs in PAN-OS, so make sure you export ALL the logs.
Intended Outcome
Data from the intended range sent over to SOC
Impact on Teams
No Impact