Hi Everyone, Greetings!

I have a concern regarding GlobalProtect log forwarding to the QRadar SIEM tool. The concern is whether GlobalProtect supports the LEEF format; if it does, I want a document that contains the required GlobalProtect fields to be sent to the SIEM tool.

I want to confirm two things:

Does GlobalProtect support the LEEF format? If it does, could you please share the required document or the full details that need to be in place to forward the logs to QRadar from PA devices?

Does GlobalProtect provide public IP address details to the SIEM tool, or can both public and private addresses be shown?

Kindly in need of your assistance, guys.
Thanks in advance.
Here's the doc on LEEF: https://docs.paloaltonetworks.com/traps/4-2/traps-endpoint-security-manager-admin/reports-and-logging/forward-logs-to-an-external-logging-platform/leef-format.html

Please feel free to create and share a document specific to integrating GlobalProtect with QRadar.

GlobalProtect logs contain both public and private IP.