Hi All - We are implementing Panorama here and I was wondering if there are any benefit in forwarding logs from Panorama, if the logs are already coming in from firewalls. Are Panorama logs better correlated compared to logs directly coming in from Palo firewalls?
its been a long time sunce i worked with PAN data, however, it seems like they are redundant.
After all, Panorama is the console for PAN
read in detail here:
https://splunk.paloaltonetworks.com/dashboards.html
and here:
https://splunk.paloaltonetworks.com/tune-or-reduce-firewall-logs.html
will recommend to read all the docs all the way through (not only the links)
hope it helps