Netflow for Palo Alto with SO


Blason R

Jul 5, 2018, 11:42:24 PM7/5/18
to security-onion
Hi Guys,

Has anyone succeeded in bringing Netflow logs from PAN into SO? Or does anyone have parsers for PAN so that it can be integrated with SO?

Jesus Padro

Jul 6, 2018, 1:28:05 AM7/6/18
to security-onion
On Thursday, July 5, 2018 at 8:42:24 PM UTC-7, Blason R wrote:
> Hi Guys,
>
> Has anyone succeeded in bringing Netflow logs from PAN into SO? Or does anyone have parsers for PAN so that it can be integrated with SO?

Blason
If you are looking at a SOC orchestration solution that integrates well with PAN and SO, then you should look at Phantom, which is what I am currently doing. Our network is protected by a cluster of 7000 series and 5650 as well as some SRXs. This is why I started investigating Phantom 2 years ago. It also facilitates the integration of SO into it.

Jesus

Blason R

Jul 6, 2018, 9:38:37 AM7/6/18
to security-onion
Hmmm... that's interesting. Let me try that...


Philip Robson

Jul 10, 2018, 1:55:53 AM7/10/18
to securit...@googlegroups.com
Does Phantom work with the new Elastic Stack based Security Onion? I came across Phantom in the Security Onion webinar last year but didn't spend too much time looking at it, although I wanted to.


Wes Lambert

Jul 10, 2018, 9:25:52 AM7/10/18
to securit...@googlegroups.com
I believe the app from Phantom pertains to ELSA, but I could be wrong.

Thanks,
Wes

Wes Lambert

Jul 10, 2018, 9:28:51 AM7/10/18
to securit...@googlegroups.com
However, you could probably tie in with the Elasticsearch app.

Thanks,
Wes