Solution: Azure Cloud NGFW By Palo Alto Networks

| Attribute | Value |
|---|---|
| Publisher | Palo Alto Networks |
| Support Tier | Partner |
| Support Link | https://support.paloaltonetworks.com |
| Categories | domains |
| Version | 3.0.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2023-11-03 |
| Last Updated | 2023-11-03 |
| Solution Folder | Azure Cloud NGFW by Palo Alto Networks |
| Marketplace | Azure Marketplace · Rating: ★★★★☆ 4.5/5 (107 ratings) · Popularity: 🟢 High (94%) |
The Azure Cloud NGFW By Palo Alto Networks Solution for Microsoft Sentinel allows you to easily connect your Cloud NGFW logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities. This solution also contains playbooks to help in automated remediation.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Agent-based log collection (CEF over Syslog)
This solution provides 1 data connector(s):
Azure CloudNGFW By Palo Alto Networks 🔶
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| fluentbit_CL 🔶 | Azure CloudNGFW By Palo Alto Networks | Analytics, Hunting, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.
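The connector note and the table note above both describe the same heuristic: a table is flagged CLv1 because its custom columns carry a type suffix, with the caveat that CLv2 (DCR-based) tables are free to use the same suffixes. The following Python is an added illustration of that heuristic and its failure mode; it is not code from the solution, from Microsoft or from Palo Alto Networks. The suffix-to-type mapping (_s string, _d double, _b bool, _t datetime, _g guid) is the CLv1 Data Collector API convention and is assumed here rather than taken from the page, the `STANDARD_COLUMNS` set is an assumption about which built-in columns to ignore, and every column list is constructed, not a real schema of fluentbit_CL.

```python
"""Heuristic schema-version classification for a Log Analytics custom table,
based on the CLv1 type-suffix convention described on the page (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Legacy Custom Log V1 (HTTP Data Collector API) appends a type suffix to every
# custom column name. This mapping is the CLv1 convention, assumed here.
CLV1_SUFFIXES: Dict[str, str] = {
    "_s": "string",
    "_d": "double",
    "_b": "bool",
    "_t": "datetime",
    "_g": "guid",
}

# Columns Log Analytics adds to every table (assumed list). They never carry a
# suffix and say nothing about the schema version, so the heuristic skips them.
STANDARD_COLUMNS = {
    "TimeGenerated", "TenantId", "Type", "Computer", "RawData",
    "SourceSystem", "MG", "ManagementGroupName", "_ResourceId", "_ItemId",
}

_SUFFIX_RE = re.compile(r"^(?P<base>.+)(?P<suffix>_[sdbtg])$")


def split_column(name: str) -> Tuple[str, Optional[str]]:
    """Return (base name, CLv1 type) or (name, None) when there is no type suffix."""
    m = _SUFFIX_RE.match(name)
    if m is None:
        return name, None
    return m.group("base"), CLV1_SUFFIXES[m.group("suffix")]


def classify_table(columns: List[str]) -> Dict[str, object]:
    """Classify a column list as CLv1-likely, CLv2-likely, ambiguous or unknown.

    A genuine CLv1 table has every custom column suffixed. A CLv2 table may
    also contain suffixed names because the suffix is only a naming choice
    there, so even "CLv1-likely" is a heuristic verdict, not a proof.
    """
    custom = [c for c in columns if c not in STANDARD_COLUMNS]
    typed: Dict[str, str] = {}
    untyped: List[str] = []
    for col in custom:
        _, ctype = split_column(col)
        if ctype is None:
            untyped.append(col)
        else:
            typed[col] = ctype
    if not custom:
        verdict = "unknown"          # nothing but built-in columns to judge from
    elif not untyped:
        verdict = "CLv1-likely"      # every custom column is type-suffixed
    elif typed:
        verdict = "ambiguous"        # mixture: suffixes used as plain names?
    else:
        verdict = "CLv2-likely"      # no suffixes anywhere
    return {"verdict": verdict, "typed": typed, "untyped": untyped}


# Constructed column lists for illustration (not real schemas from the solution).
# A CEF-style custom table with fully suffixed columns:
SAMPLE_CLV1_COLUMNS = [
    "TimeGenerated", "Computer", "RawData",
    "DeviceVendor_s", "Severity_d", "ReceiptTime_t", "Allowed_b", "SessionId_g",
]
# A DCR-based table carrying the same fields without suffixes:
SAMPLE_CLV2_COLUMNS = ["TimeGenerated", "DeviceVendor", "Severity", "ReceiptTime"]
# A DCR-based table whose author happened to end one column name in _s:
SAMPLE_MIXED_COLUMNS = ["TimeGenerated", "DeviceVendor", "Severity", "Comment_s"]
# Worst case for the heuristic: a CLv2 table whose every custom column ends in _s.
SAMPLE_FALSE_POSITIVE = ["TimeGenerated", "Tags_s", "Notes_s"]


if __name__ == "__main__":
    for label, cols in [
        ("clv1", SAMPLE_CLV1_COLUMNS), ("clv2", SAMPLE_CLV2_COLUMNS),
        ("mixed", SAMPLE_MIXED_COLUMNS), ("false-positive", SAMPLE_FALSE_POSITIVE),
    ]:
        print(label, classify_table(cols)["verdict"])
```

The last sample is the point of the page's caveat: `SAMPLE_FALSE_POSITIVE` is classified "CLv1-likely" although nothing about it is CLv1, because the suffix is all the heuristic can see. Anyone relying on the 🔶 marker to plan a CLv1-to-CLv2 migration should confirm the table's ingestion path (Data Collector API versus DCR) rather than trust column names alone.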
This solution includes 7 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 3 |
| Hunting Queries | 2 |
| Workbooks | 2 |
Analytic Rules:
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| CloudNGFW By Palo Alto Networks - Threat signatures from Unusual IP addresses | Medium | Discovery, Exfiltration, CommandAndControl | CommonSecurityLog, fluentbit_CL |
| CloudNGFW By Palo Alto Networks - possible internal to external port scanning | Low | Discovery | CommonSecurityLog, fluentbit_CL |
| Palo Alto - potential beaconing detected | Low | CommandAndControl | CommonSecurityLog, fluentbit_CL |
Hunting Queries:
| Name | Tactics | Tables Used |
|---|---|---|
| Palo Alto - high-risk ports | InitialAccess, Discovery | CommonSecurityLog, fluentbit_CL |
| Palo Alto - potential beaconing detected | CommandAndControl | CommonSecurityLog, fluentbit_CL |
Workbooks:
| Name | Tables Used |
|---|---|
| CloudNGFW-NetworkThreat | fluentbit_CL |
| CloudNGFW-Overview | fluentbit_CL |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.2 | 09-01-2025 | Updated query of Analytic Rules and fixed failing queries of Workbooks |
| 3.0.1 | 02-12-2024 | Updated Data Connector Ids for dependent content |
| 3.0.0 | 15-02-2024 | Initial Solution Release |