This week, I’m in Las Vegas at Splunk .conf2013, the Splunk Worldwide User Conference. It’s a fantastic conference, and I’ve already met a lot of people passionate about both Splunk and Palo Alto Networks. If you’re here at the conference, come by and see the latest updates at the Partner Pavilion. In addition, Marc Benoit will be speaking about the integration on October 2nd at 3:00 PM, at a session entitled “Mitigating Cybersecurity Risk with Palo Alto Networks”.
If you’re not familiar with the integration, you may be wondering what it does. As you know, the next-generation firewall is built upon a foundation of thoroughly understanding apps, users and content across all traffic. Together, these technologies act as a very precise sensor to understand network activity in order to safely enable applications and break the threat lifecycle.
Splunk consumes the log data from the next-generation firewall through syslog (as well as NetFlow, with the assistance of a third-party plug-in). It gathers log data from multiple sources, including the next-generation firewall and other systems in the organization, and can build searches and dashboards across all of the data that it receives.
Think back to when you first learned how a pivot table worked in a spreadsheet. Suddenly, it became possible to find insights in tables of data that were not readily apparent when examining the raw data itself. Splunk users undergo a similar transformation when they are able to ask questions about data sourced and correlated across the organization. Now they can get the answers to burning questions that they've always wanted to ask but never had a way of asking. Getting real-time answers to your questions lets you explore your logs in ways that were simply not possible in the past.
The cornerstone of the integration is the Splunk App for Palo Alto Networks. It’s a free app that allows organizations to bring these two products together. Give it a try, and post a comment to this blog in the box below to let us know how you’re using the integration.
If you’re interested in learning more, have a look at the Splunk Solution Brief, and we look forward to seeing you here at Splunk .conf.