Configure Palo Alto Networks Prisma Access to send logs to Arctic Wolf

You can configure Palo Alto Networks (PAN) Prisma Access® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: This is an early access (EA) integration. It is not publicly available. If you are interested in joining the EA program, reach out to your Concierge Security® Team (CST).

These resources are required:

  • Administrator permissions for the Strata Cloud Manager
  • One of these license combinations:
    • Strata Cloud Manager Pro
    • Strata Cloud Manager Essentials and Strata Logging Service standalone licenses

    For more information, see Strata Logging Service License.

When the Status of your newly created HTTPS profile changes to Running, notify your CST that you have completed the configuration.

Get the webhook username, password, and URL

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Prisma Access.
  5. In the Name field, enter a unique and descriptive name for the account.
  6. Click Generate Token.
  7. Copy the Username, Password, and Webhook URL to a safe, encrypted location. You need these values in Configure log forwarding in Strata Cloud Manager.

Configure log forwarding in Strata Cloud Manager

  1. Sign in to Strata Cloud Manager.
  2. In the navigation menu, click System Settings.
  3. In the Strata Logging Service section, click Log Forwarding.
  4. On the Log Forwarding page, click the HTTPS tab.
  5. Click Add New HTTPS Profile.
  6. In the Profile Name field, enter a descriptive name.
  7. In the URL field, enter the Webhook URL from Get the webhook username, password, and URL.
  8. In the Client Authorization section, in the Type list, select Basic Authorization.
  9. Enter the Username and Password from Get the webhook username, password, and URL.
  10. Click Test Connection.
    If an error message appears, make sure that the credentials are accurate. If you are not able to resolve the error, take a screenshot and notify your Concierge Security® Team (CST).
  11. Click Next.
  12. In the Payload Format list, select Stacked JSON.
  13. In the Status Notification field, enter the email address of a person or team who should receive alerts about the connection status.
  14. Repeat these steps to add a filter for each of the log types listed in Log types for PAN Prisma Access.
    1. In the Filters section, click Add Filter.
    2. In the list, select the log type.
    3. Set the time range to Past 24 hours.
    4. Click Save.
  15. Click Save.
    The new HTTPS profile is created. It may take up to 10 minutes for the Status of the profile to change from Provisioning to Running.