Customer
Customer is a leading SIEM solution provider.
They provide a platform for companies to aggregate and act upon Threat Intelligence.
Requirement
The customer asked for a Connector app that integrates their platform with the Palo Alto Networks PAN-OS firewall. The app collects Syslog messages and presents them as events after normalization, and performs orchestration actions: creating a dynamic address group and attaching a tag to an IP address so that security policy can make use of it.
Technology Solution
PAN-OS is the software that runs all Palo Alto Networks® next-generation firewalls.
Sacumen developed the Connector app to integrate with Palo Alto Networks using Java and Apache REST.
The Connector app performs the following actions:
Set up the prerequisites
Set up the Palo Alto firewall
Create a service account
Authenticate using the API (XML or REST) with an API key
Show the Syslog events
Samples the records to calculate estimated EPS.
Calculates bandwidth consumption.
Calculates error rate.
Performs orchestration actions such as creating a tag for a specific IP address, creating a Dynamic Address Group, and attaching the tag to the group.
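The orchestration step above can be illustrated with the two PAN-OS XML API requests it implies. This is an added example in Python, not Sacumen's connector code; the vsys path, the name allow-list and the sample IP, tag and group names are assumptions. It builds the request parameters offline and validates values that would come from SIEM events before they are placed in an XPath or match filter.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Assumed location of the address-group config (default single-vsys firewall).
VSYS_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
              "/vsys/entry[@name='vsys1']")
# Conservative allow-list (an assumption) for tag and group names.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")


def _check_name(name):
    # Names are spliced into an XPath and a match filter, so reject quotes,
    # brackets and anything else outside the allow-list.
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe object name: {name!r}")
    return name


def build_register_message(ip_tags):
    """User-ID API request (type=user-id) that registers tags on IPs."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    register = ET.SubElement(ET.SubElement(msg, "payload"), "register")
    for ip, tags in ip_tags.items():
        addr = str(ipaddress.ip_address(ip))  # ValueError on a bad address
        tag_el = ET.SubElement(ET.SubElement(register, "entry", ip=addr), "tag")
        for tag in tags:
            ET.SubElement(tag_el, "member").text = _check_name(tag)
    return {"type": "user-id", "cmd": ET.tostring(msg, encoding="unicode")}


def build_dag_request(group, tag):
    """Config API request (type=config, action=set) for a dynamic group."""
    dynamic = ET.Element("dynamic")
    ET.SubElement(dynamic, "filter").text = f"'{_check_name(tag)}'"
    xpath = f"{VSYS_XPATH}/address-group/entry[@name='{_check_name(group)}']"
    return {"type": "config", "action": "set", "xpath": xpath,
            "element": ET.tostring(dynamic, encoding="unicode")}


if __name__ == "__main__":
    # Constructed sample: one host flagged by the SIEM.
    print(build_register_message({"10.0.0.5": ["quarantine"]}))
    print(build_dag_request("dag-quarantine", "quarantine"))
```

The API key is sent separately with each request and should be kept out of URLs and logs. The address-group change takes effect only after a commit, while tag registration applies at once.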