07-18-2025 07:36 AM
Hi everyone,
We're currently integrating Palo Alto logs (via Panorama) into our SIEM solution (Wazuh) using syslog, and I wanted to confirm the log types that are forwarded by default or require additional configuration.
Specifically, does Panorama forward the following events out-of-the-box via syslog?
- Malware/Spyware detections
- Command and Control (C2) communications
- CVE exploit attempts
- High/Critical severity IPS alerts
- DNS tunneling or other evasion behaviors
- Blocked or suspicious URL category access attempts
- DLP events or sensitive data exfiltration
- Abnormal login behavior or access to uncommon ports
- GlobalProtect VPN anomalies (e.g., connection failures, logins from new or suspicious locations)
If some of these aren’t forwarded by default, what additional steps (custom syslog filters, log forwarding profiles, threat signatures, etc.) are needed to ensure these logs are exported properly?
Thanks in advance for any clarification or guidance!
Best regards,
Austin
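As an added example (not from the post above, Palo Alto Networks or Wazuh), a small Python classifier that takes the CSV body of PAN-OS syslog lines of the kind Panorama forwards and maps the log type, Threat-log subtype and severity onto the categories the question lists, which is the same sorting a SIEM decoder has to do before it can alert on them. The column positions follow the PAN-OS Threat log field order as I recall it and are an assumption, as are the subtype-to-category mapping and the constructed sample lines.

```python
import csv
import io
from collections import Counter

# Assumed 0-based column positions in the CSV body of a PAN-OS syslog line
# (syslog header already stripped). Type and subtype sit at the same place in
# every log type; action and severity follow the Threat log layout (assumption).
COL_TYPE, COL_SUBTYPE, COL_ACTION, COL_SEVERITY = 3, 4, 30, 34

# Threat-log subtype -> category asked about in the post (assumed mapping).
SUBTYPE_CATEGORY = {
    "virus": "malware", "wildfire": "malware", "wildfire-virus": "malware",
    "spyware": "c2/spyware", "vulnerability": "exploit",
    "url": "url-filtering", "data": "dlp",
}
HIGH = {"high", "critical"}


def classify(line):
    """Describe one THREAT or GLOBALPROTECT line; return None for other log types."""
    fields = next(csv.reader(io.StringIO(line)))

    def col(i):  # tolerate short lines instead of raising IndexError
        return fields[i].strip().lower() if i < len(fields) else ""

    if col(COL_TYPE) == "globalprotect":
        return {"category": "globalprotect", "subtype": col(COL_SUBTYPE), "high": False}
    if col(COL_TYPE) != "threat":
        return None  # TRAFFIC, SYSTEM, CONFIG ... are out of scope for this sorter
    return {"category": SUBTYPE_CATEGORY.get(col(COL_SUBTYPE), "other-threat"),
            "subtype": col(COL_SUBTYPE), "action": col(COL_ACTION),
            "high": col(COL_SEVERITY) in HIGH}


def summarize(lines):
    """Count lines per category, plus how many carried high/critical severity."""
    counts = Counter()
    for hit in filter(None, map(classify, lines)):
        counts[hit["category"]] += 1
        counts["high-or-critical"] += hit["high"]
    return counts


def make_sample(values):
    """Constructed 40-column CSV body with the given columns set (not real log data)."""
    fields = [""] * 40
    for pos, val in values.items():
        fields[pos] = val
    return ",".join(fields)


SAMPLES = [  # constructed sample lines, one per scenario
    make_sample({COL_TYPE: "THREAT", COL_SUBTYPE: "spyware", COL_ACTION: "reset-both", COL_SEVERITY: "critical"}),
    make_sample({COL_TYPE: "THREAT", COL_SUBTYPE: "vulnerability", COL_ACTION: "alert", COL_SEVERITY: "medium"}),
    make_sample({COL_TYPE: "THREAT", COL_SUBTYPE: "url", COL_ACTION: "block-url", COL_SEVERITY: "informational"}),
    make_sample({COL_TYPE: "GLOBALPROTECT", COL_SUBTYPE: "gateway-auth"}),
    make_sample({COL_TYPE: "TRAFFIC", COL_SUBTYPE: "end"}),
]
```

Running `summarize(SAMPLES)` on the constructed lines yields one hit each for c2/spyware, exploit, url-filtering and globalprotect, one high-or-critical event, and the TRAFFIC line is ignored.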