
Technical partnership between Palo Alto and ManageEngine Log360

The technical alliance between ManageEngine Log360 and Palo Alto helps enterprises enhance their threat detection and remediation capabilities. Palo Alto's network devices, especially their firewalls, are the first line of defense. Log360 ingests security data points from these Palo Alto devices to provide comprehensive visibility, ensuring rapid and effective responses to security threats.

How the integration works

  • Automatic IP blocking: Log360 collects and analyzes logs from Palo Alto firewalls, switches, and firepower devices. It identifies malicious IP activity through its alert profiles. Upon detection, a workflow is triggered to block the IP on the Palo Alto device, ensuring immediate response to potential threats.
  • Workflow configuration: Users can create a workflow by selecting the Palo Alto Deny Access Rule action, specifying necessary details, and assigning it to an alert profile. This workflow automates the blocking process on Palo Alto devices.

How to enable

To configure the Syslog service on Palo Alto devices, refer to the link below:

Configuring the Syslog Service on Palo Alto devices

Top benefits of this integration

  • Rapid threat mitigation: Automatic IP blocking allows Log360 to respond to detected threats without delay. The system instantly triggers a workflow to block the IP on the Palo Alto device when a malicious IP is identified. This automated response minimizes the potential damage caused by security breaches, preventing unauthorized access and mitigating the risk of data loss or compromise.
  • Enhanced network security: Log360 continuously monitors network traffic and activities in real time. By integrating with Palo Alto firewalls, it leverages advanced threat detection capabilities to identify potential security threats as they occur. This proactive approach ensures that potential threats are addressed before they can cause significant harm, enhancing overall network protection.
  • Simplified management: The integration between Log360 and Palo Alto simplifies the process of threat detection and mitigation. By automating key security tasks, such as IP blocking and alert management, the integration reduces the need for manual intervention. This saves time for IT security teams and ensures a more consistent and reliable response to security threats.
  • Comprehensive reporting: Log360 offers detailed reporting on Palo Alto firewall activity, providing insights into various aspects of network security. These reports include traffic overviews, threat reports, logon attempts (both successful and failed), and more. Comprehensive reporting aids compliance with security regulations and standards and supports security audits by providing clear and detailed records of network activities and security incidents.

About Palo Alto

Palo Alto Networks is a leading cybersecurity company known for its innovative firewall solutions that provide advanced threat detection and prevention capabilities to protect networks from a wide range of security threats. Their firewalls feature an intuitive interface, simplifying firewall management and configuration, and offer extensive reporting with over 30 out-of-the-box reports covering traffic overview, threat reports, logons, and more, providing comprehensive insights into network activity. Real-time alerts via email and SMS keep administrators informed of all critical events, while robust log management ensures secure, tamper-free log archiving and powerful log forensics capabilities.