The customer is a leading SIEM solution provider.
They provide a platform for companies to aggregate and act upon Threat Intelligence.
The customer asked for a Connector app that integrates their platform with Palo Alto Networks PAN-OS firewalls. The app collects Syslog messages and presents them as events after normalization, and performs orchestration actions: creating a dynamic address group and attaching a tag to an IP address so that security policies can make use of it.
PAN‑OS is the software that runs all Palo Alto Networks® next-generation firewalls.
Sacumen developed the Connector app to integrate Palo Alto Networks using Java and Apache REST.
The Connector app performs the following actions:
Set up the prerequisites
Set up the Palo Alto firewall
Create a service account
Authenticate using API (XML or REST) with API Key
Show the Syslog events
Samples the records to calculate the estimated events per second (EPS).
Calculates bandwidth consumption.
Calculates the error rate.
Performs orchestration actions such as creating a tag for a specific IP address, creating a dynamic address group, and attaching the tag to the group.