When configuring Palo Alto PAN-OS to send syslog data for ingestion by Red Canary, what data is expected?
Red Canary Alerts
Red Canary would prefer to ingest the Palo Alto WildFire and Palo Alto Threat Prevention data sources at Critical, High and Medium severity. System logs can be ingested but are treated as low priority. All logs with a severity of Low or Informational are filtered out and will not be displayed in the Alerts page UI.
Regular traffic data and non-security error logs can saturate the ingestor and produce a large number of alerts that may not be relevant to your security needs.
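As an added example (not from this page and not Red Canary's or Palo Alto's own configuration), the PAN-OS filter expressions that enforce the severity floor above, written as configure-mode CLI commands. The profile names `RedCanary-LFP` and `RedCanary-Syslog` are placeholders, and the `set shared log-settings ...` node path is assumed from the PAN-OS CLI syntax, so verify it on your release or build the same filters in the web UI (Objects > Log Forwarding, Device > Log Settings); the `#` lines are annotations, not CLI input.

```text
# Added example; node path assumed, verify against your PAN-OS version.
# RedCanary-LFP and RedCanary-Syslog are placeholder names.

# Threat Prevention: forward only Critical, High and Medium.
# Low and Informational never leave the firewall, so they cannot saturate the ingestor.
set shared log-settings profiles RedCanary-LFP match-list threat-med-plus log-type threat filter "(severity eq critical) or (severity eq high) or (severity eq medium)" send-syslog RedCanary-Syslog

# WildFire submissions: same severity floor.
set shared log-settings profiles RedCanary-LFP match-list wildfire-med-plus log-type wildfire filter "(severity eq critical) or (severity eq high) or (severity eq medium)" send-syslog RedCanary-Syslog

# Deliberately no "log-type traffic" match-list: regular traffic logs are not forwarded.

# System logs are forwarded from Device > Log Settings rather than the profile;
# keep the same floor, since Low/Informational would be dropped on the Red Canary side anyway.
set shared log-settings system match-list system-med-plus filter "(severity eq critical) or (severity eq high) or (severity eq medium)" send-syslog RedCanary-Syslog
```

Attach `RedCanary-LFP` to the security rules whose threat and WildFire logs should reach Red Canary; a weak variant that uses the filter `All Logs` on a `log-type traffic` match-list is exactly what produces the irrelevant alert volume described above.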