Does Global Protect support LEEF format on forwarding the log to Qradar
Hi Everyone, Greeting!! I have a concern regarding the Global protect log forwarding for forwarding the logs to Qradar SIEM Tool. The concern is about whether Global Protect support for LEEF Format if it does support i want a document that contains the required fields about the Global protect to be sent to the SIEM Tool. I want to confirm two things whether Global protect does support LEEF format? If it does support could you please share the required document or the whole details that needs to be in place to forward the log to Qradar from PA devices? Does Global protect provides public IP address details over the SIEM tool or both public and private address can be shown? Kindly in need of you assistance guys.
Thanks in advance.
120 Views
https://live.paloaltonetworks.com/t5/app-for-qradar-articles/palo-alto-networks-application-for-qradar/ta-p/118455