Getting Data Into Splunk
Splunk can collect data from Palo Alto Networks products, each providing a wealth of visibility and control.
Firewall and Panorama
Secure the network domain. Syslog network and NGFW system health events to Splunk.
- More information about Next-generation Firewall
- More information about Panorama
- Bring Firewall and Panorama data into Splunk
Advanced threat detection. Collect Cortex XDR incidents into Splunk via API.
Cortex Data Lake
Cloud-based NGFW log management. Receive events directly from Cortex Data Lake using HTTP Event Collector (HEC).
Comprehensive IOT security. Collect IoT alerts and vulnerabilities via API.
Secure your enterprise SaaS application. Splunk reaches out to the Aperture logging API to collect incidents and activity from your SaaS apps.
AutoFocus and MineMeld
MineMeld and AutoFocus has been deprecated as of App/Add-on 7.0.0
Threat Intelligence to help prioritize and contextualize the rest of your data in Splunk. AutoFocus tags are collected via the AutoFocus API and threat indicators are collected from a MineMeld output feed.
- More information about AutoFocus
- More information about MineMeld
- Bring AutoFocus and MineMeld data into Splunk
Traps Endpoint Protection
Traps Endpoint has been deprecated and replaced with Cortex XDR in App/Add-on 7.0.0
Secure the endpoint domain. Syslog endpoint security and operations events to Splunk.