Integration with Azure Security Center
View high-priority firewall logs as security alerts on the Azure Security Center dashboard with the default Azure Security Center Log Forwarding profile.
The VM-Series firewall integration with Azure Security Center provides a single pane of glass for high-priority security alerts so you can start triaging an incident directly from the Azure Security Center dashboard. To start using this integration, you must enable Azure Security Center on your Azure subscription.
When you deploy a VM-Series firewall on Azure directly from Azure Security Center, the firewall is automatically configured with two example Security policy rules to safely inspect and allow inbound web-browsing traffic and outbound traffic, and it includes a log forwarding rule to send security-related logs to Azure. With this log forwarding profile, Threat and WildFire Submissions logs of low, medium, high, or critical severity generated on the firewall are displayed as security alerts on the Azure Security Center dashboard.
Azure Security Center can also automatically detect a new firewall instance any time you launch the VM-Series firewall with PAN-OS 8.1 from the Azure marketplace or through a custom deployment using the Azure CLI, PowerShell, or an ARM template. This detection is possible because you have enabled Azure Security Center on your subscription. Azure Security Center then pushes the default configuration—including the log forwarding profile (described above)—to forward security-related logs to Azure Security Center. The VM-Series firewall accepts this default configuration only if you have not committed any changes or bootstrapped the firewall at launch. If you have already configured your firewall, you can manually attach the Azure Security Center-default Log Forwarding profile directly on the firewall, or use Panorama templates and device groups to enable managed firewalls to forward logs to Azure Security Center.