Palo Alto Global Protect Logs Missing Most information
Hi all,
I’ve integrated Palo Firewall with MS Sentinel.
For most log types (Traffic, Threat, System), everything is working fine.
But for the GlobalProtect log type, it’s missing almost all valuable values (no username, authentication status (failed or success), Portal Name, Gateway Name, etc.).
I used the following URL to define the CEF format.
https://github.com/pemontto/Palo-Alto-CEF/blob/master/10.0/globalprotect.txt
PS: PANOS version 11.x
Any ideas?
Regards,
HA