enVision & Palo Alto IDS logging / alerting capability
We recently began shipping our threat logs from the Palo Alto firewalls to RSA enVision. I'm having a great deal of difficulty locating support documentation from RSA for the supported capabilities of enVision for the Palo Alto. There is a device configuration guide, but I'm looking for more details around available capabilities. Does enVision have IDS signatures for the Palo Alto, allowing us to utilize these devices for IDS functionality? Does anyone have suggestions, details, thoughts? Thanks,
I too have been having difficulty with enVision & Palo Alto IDS logs. The tickets I've opened on this so far have been a waste of time. Just today I've decided to adjust the syslog threat logging format on Palo Alto and will create my own intrusion signatures in enVision. I will let you know if I get anywhere...