PARTNER TOPICS

Press Releases

Splunk Content

Product Links

Why Splunk?

The Splunk App for Palo Alto Networks takes a context-rich information feed in network security, now including information on APTs from WildFire, to provide valuable insights and improve visibility. With traditional network security devices, the data generated is limited to port, protocol, and IP address information.

With Palo Alto Networks, more useful data such as applications, users, and threat content is available within Splunk^® Enterprise. With a few clicks, administrators can visualize all of this information together and take rapid action on threats and trends, directly from the app interface.

The Palo Alto Networks firewall will inform Splunk of the user generating each connection or event via the syslogs it sends to Splunk. This assumes that the firewall is getting the login information from AD or some other authentication system, to know what user is logged into the device generating the traffic.

Read more at Palo Alto Networks App for Splunk documentation.