Issue
After following the configuration for Palo Alto as described on the Alert Source page, we are unable to see any alerts in the External Source for Palo Alto.
Environment
Red Canary Alert Management
Resolution
The Syslog Server Profile must use TCP over SSL to communicate correctly with the Red Canary server and complete the handshake. Once the handshake is fixed, the alerts will be populated in Red Canary.
In Palo Alto, go to Server Profiles > Syslog, review the Transport protocol, and switch it from TCP to SSL. Ensure that the port number matches the port provided by Red Canary for your syslog; in most cases it will be port 514.
Before the change:
After the change:
Cause
The wrong transport protocol is in use for the syslog traffic.
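
One way to confirm this cause from a packet capture, as an added example that is not Red Canary's or Palo Alto's code: the script classifies the first payload bytes the firewall sends on the syslog connection as either a TLS ClientHello or cleartext syslog. The function names are hypothetical and the sample bytes are constructed, not taken from a real capture.

```python
import re

TLS_HANDSHAKE = 0x16   # TLS record content type "handshake"
CLIENT_HELLO = 0x01    # first handshake message a TLS client sends
MAX_PRI = 191          # syslog PRI = facility * 8 + severity, at most 23 * 8 + 7

# Syslog PRI header, optionally preceded by an RFC 6587 octet count ("123 <14>...").
_SYSLOG_START = re.compile(rb"^(?:\d{1,6} )?<(\d{1,3})>")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plaintext-syslog' or 'unknown' for a connection's first payload bytes."""
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 2 ** 14 and data[5] == CLIENT_HELLO:
            return "tls"
    match = _SYSLOG_START.match(data)
    if match and int(match.group(1)) <= MAX_PRI:
        return "plaintext-syslog"
    return "unknown"


def diagnose(data: bytes) -> str:
    """Explain what the classification means for a listener that requires SSL/TLS."""
    kind = classify_first_bytes(data)
    if kind == "tls":
        return "sender starts a TLS handshake: transport is SSL"
    if kind == "plaintext-syslog":
        return "sender writes syslog in the clear: transport is TCP, handshake cannot complete"
    return "unrecognised first bytes: capture more of the stream"


# Constructed samples (not taken from a real capture).
SAMPLE_PLAIN = b"<14>Jan  1 00:00:00 fw01 constructed test message\n"
SAMPLE_FRAMED = b"49 <14>Jan  1 00:00:00 fw01 constructed test message"
SAMPLE_TLS = bytes.fromhex("1603010200010001fc0303") + b"\x00" * 32

if __name__ == "__main__":
    for name, sample in [("plain", SAMPLE_PLAIN), ("framed", SAMPLE_FRAMED), ("tls", SAMPLE_TLS)]:
        print(f"{name}: {diagnose(sample)}")
```

A `plaintext-syslog` result for traffic leaving the firewall means the Syslog Server Profile is still set to TCP.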