Issue
When configuring Palo Alto PAN-OS to send syslog data for ingestion by Red Canary, what data is expected?
Environment
Red Canary Alerts
Resolution
Red Canary prefers to ingest the Palo Alto WildFire and Palo Alto Threat Prevention data sources at Critical, High, and Medium severity. System logs can be ingested but are assigned a low priority. All logs with a severity of Low or Informational are filtered out and will not be displayed in the Alerts page UI.
Cause
Regular traffic data and non-security error logs can saturate the ingestor and produce a large number of alerts that may not be relevant to your security needs.