Impelix IMPACT Integration
with Palo Alto Networks NGFW
The Impelix IMPACT platform ingests telemetry from all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.
We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor product telemetry to the Impelix IMPACT platform.
Palo Alto Networks NGFW
Syslog Forwarding from Palo Alto Networks
Follow these directions from Palo Alto to enable NetFlow:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/netflow-monitoring/configure-netflow-exports
Wait at least 10 minutes, then in the Impelix IMPACT Search interface, run a search for an IP address that should have been monitored by the NetFlow exporter. It should show up in the communications tab.
To enable syslog, follow these instructions: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Forward-Threat-Logs-to-Syslog-Server/ta-p/59980
For best results, configure output to Impelix IMPACT in CEF Format:
https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-80-cef-configuration-guide.pdf
Flip back over to the Impelix IMPACT “Search” interface and search for the IP address of the Palo Alto NGFW. An entry should be listed on the Syslog tab.
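If the entry on the Syslog tab looks unparsed, one way to confirm that the firewall is really emitting well-formed CEF is to capture a line on the syslog path and parse it locally. The following is an added example, not code from Impelix or Palo Alto Networks; the sample line, hostname, addresses and field values are constructed, and `parse_cef` is a hypothetical helper name.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")

# Constructed sample line; hostname, addresses and field values are made up.
SAMPLE = (r"<14>Jan  1 00:00:00 fw01 CEF:0|Palo Alto Networks|PAN-OS|8.0.0|"
          r"sample-id|sample \| event|4|"
          r"src=10.0.0.5 dst=192.0.2.10 msg=blocked a\=b test act=deny")

def _unescape(text):
    """Undo CEF backslash escapes: \\| \\= \\\\ and \\n / \\r."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  text)

def parse_cef(line):
    """Return (header, extension) dicts; raise ValueError if not valid CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker (sender still in default format?)")
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Walk the header by hand so an escaped pipe does not split a field.
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(HEADER):        # no extension and no trailing pipe
        fields.append("".join(cur))
    if len(fields) != len(HEADER) or not fields[0].isdigit():
        raise ValueError("malformed CEF header")
    header = {k: _unescape(v) for k, v in zip(HEADER, fields)}
    # Extension: key=value pairs; a value runs until the next " key=" or EOL.
    pairs = re.finditer(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", body[i:])
    return header, {m.group(1): _unescape(m.group(2)) for m in pairs}

if __name__ == "__main__":
    hdr, ext = parse_cef(SAMPLE)
    print(hdr["device_product"], hdr["name"], ext)
```

A `ValueError` on lines captured from the firewall indicates the syslog server profile is not yet using the custom CEF log format.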