Integration with Azure Security Center
View high-priority firewall logs as security alerts on the Azure Security Center dashboard with the default Azure Security Center Log Forwarding profile.
The VM-Series firewall integration with Azure Security Center provides a single pane of glass for high-priority security alerts so you can start triaging an incident directly from the Azure Security Center dashboard. To start using this integration, you must enable Azure Security Center on your Azure subscription.
When you deploy a VM-Series firewall on Azure directly from Azure Security Center, the firewall is automatically configured with two example Security policy rules to safely inspect and allow inbound web-browsing traffic and outbound traffic, and it includes a log forwarding rule to send security-related logs to Azure. With this log forwarding profile, Threat and WildFire Submissions logs of low, medium, high, or critical severity generated on the firewall are displayed as security alerts on the Azure Security Center dashboard.
Currently, Azure restricts you from deploying a multi-NIC appliance in an existing resource group. Therefore, you cannot deploy the VM-Series firewall in a resource group where you have deployed the workloads you want to secure. To work around this limitation and make practical use of the default configuration for the VM-Series firewall, you can stage a security risk and deploy a workload with a public IP address that is exposed to the internet. Doing so will trigger the Azure Security Center recommendation for a next-generation firewall, and you can use this recommendation to deploy the firewall in an empty resource group. The deployment workflow is the same as deploying the VM-Series firewall from the Azure Marketplace. After you deploy the VM-Series firewall, delete the internet-exposed workload; you can then deploy your applications or workloads, when needed, in the resource group where you've already deployed the firewall.
Azure Security Center can also automatically discover an existing or new VM-Series firewall instance that you launch with PAN-OS 8.1 from the Azure Marketplace or deploy as a custom deployment using the Azure CLI, PowerShell, or an ARM template. To enable the discovery of the VM-Series firewall as a Security Solution on the Azure Security Center dashboard, you must have the Standard tier of Azure Security Center enabled on your subscription. The workflow to forward security-related logs from the VM-Series firewall to Azure Security Center is more involved and requires you to use an intermediate Linux virtual machine and configure Syslog forwarding to send the required logs from the VM-Series firewall. If you have already configured your firewall, you can manually attach the Azure Security Center default Log Forwarding profile directly on the firewall, or use Panorama templates and device groups to enable managed firewalls to forward logs to Azure Security Center.