I want my Splunk Heavy Forwarder to receive TCP data on port 80 using Panorama. I have installed the Palo Alto Networks add-on for Splunk on said Heavy Forwarder. Am I required to make any specific configurations in the add-on? I am not interested in using WildFire, Aperture, etc. I am only interested in getting firewall data into my Splunk indexer. The firewalls are already configured to store data in Panorama. The total number of firewalls is 6.
I have created a TCP data input on my heavy forwarder for that. I have also asked the security team to create a profile for an HTTP(S) server (which will be Splunk) on Panorama.
Do I need to follow any more steps? Any ideas or suggestions? @btorresgil, @adonio, @panguy
I integrated Palo Alto with Splunk a few days back. I used port 514 instead. I made a data input in Splunk on port 514 and asked the Security team to send data from Panorama to the data input. Everything works fine.