When configuring Palo Alto PAN-OS to send syslog data for ingestion by Red Canary, what data is expected?
Red Canary Alerts
Red Canary would prefer to ingest the Palo Alto WildFire & Palo Alto Threat Prevention data sources of Critical, High & Medium severity. No system, traffic or error log sources should be sent.
Regular traffic data and non-security error logs can saturate the ingestor and can produce a large number of alerts that may not be relevant to your security needs.
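As an added example (not part of this article, and not Red Canary's or Palo Alto's own tooling), the Python dry-run check below applies the guidance above to PAN-OS syslog lines: THREAT-type logs (which include the WildFire and Threat Prevention subtypes) at critical, high or medium severity are marked for forwarding, and TRAFFIC, SYSTEM and lower-severity entries are dropped with a reason. It can be run over a captured sample of firewall output before the log forwarding profile goes live, to confirm the profile is scoped the way Red Canary expects. The field positions (4th field = Type, 5th = subtype, 35th = Severity for THREAT logs) and the syslog header layout are assumptions to verify against the syslog field reference for your PAN-OS version, and the sample lines are constructed, not real firewall output.

```python
"""Dry-run check: which PAN-OS syslog lines match the Red Canary guidance?

Assumptions (not from the article; verify against your PAN-OS version):
  - the message body is comma-separated, quoted where fields contain commas;
  - field 4 is the log Type (TRAFFIC, THREAT, SYSTEM, ...);
  - field 5 is the subtype (for THREAT: vulnerability, virus, spyware,
    wildfire, url, ...);
  - for THREAT logs, field 35 is Severity.
"""
import csv
import re
from collections import Counter

# Severities Red Canary wants to receive; anything else is treated as noise.
FORWARD_SEVERITIES = {"critical", "high", "medium"}

# 0-based positions of the assumed field layout described above.
TYPE_IDX, SUBTYPE_IDX, SEVERITY_IDX = 3, 4, 34

# Assumed BSD-style header: "<PRI>Mon dd hh:mm:ss hostname " before the CSV body.
_SYSLOG_HEADER = re.compile(r"^<\d+>\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}\s+\S+\s+")


def parse_fields(line):
    """Strip the syslog header (if present) and split the CSV body into fields."""
    body = _SYSLOG_HEADER.sub("", line.strip(), count=1)
    return next(csv.reader([body]))


def classify(line):
    """Return ('forward', reason) or ('drop', reason) for a single syslog line."""
    fields = parse_fields(line)
    if len(fields) <= SUBTYPE_IDX:
        return "drop", "unparseable"
    log_type = fields[TYPE_IDX].upper()
    if log_type != "THREAT":
        # Traffic, system, config and similar logs are not wanted at all.
        return "drop", f"{log_type.lower()}-log"
    if len(fields) <= SEVERITY_IDX:
        return "drop", "truncated-threat"
    severity = fields[SEVERITY_IDX].lower()
    if severity not in FORWARD_SEVERITIES:
        return "drop", f"severity-{severity}"
    return "forward", f"threat/{fields[SUBTYPE_IDX].lower()}"


def summarize(lines):
    """Count (decision, reason) pairs over a batch of lines."""
    return Counter(classify(line) for line in lines)


def forwarded(lines):
    """Return only the lines that would be sent on to Red Canary."""
    return [line for line in lines if classify(line)[0] == "forward"]


def build_sample(log_type, subtype, severity=""):
    """Construct a PAN-OS-shaped syslog line for testing (synthetic data only)."""
    fields = ["1", "2024/01/12 10:00:00", "001234567890", log_type, subtype,
              "", "2024/01/12 10:00:00", "10.0.0.5", "192.0.2.10"]
    fields += [""] * (SEVERITY_IDX - len(fields))   # pad up to the severity slot
    fields.append(severity)                          # index 34 = Severity
    fields += ["client-to-server", "1"]              # direction, sequence number
    return "<14>Jan 12 10:00:00 pa-fw " + ",".join(fields)


# Constructed sample: three lines that should be forwarded, four that should not.
SAMPLE = [
    build_sample("THREAT", "wildfire", "medium"),
    build_sample("THREAT", "vulnerability", "critical"),
    build_sample("THREAT", "spyware", "high"),
    build_sample("THREAT", "url", "informational"),
    build_sample("THREAT", "vulnerability", "low"),
    build_sample("TRAFFIC", "end"),
    build_sample("SYSTEM", "general"),
]

if __name__ == "__main__":
    for (decision, reason), count in sorted(summarize(SAMPLE).items()):
        print(f"{decision:8} {reason:24} {count}")
```

Run it against a file of captured lines instead of `SAMPLE` to see how much of the current feed would be discarded; a large `traffic-log` or `system-log` count means the log forwarding profile on the firewall still includes sources this article says should not be sent.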