Skip to main content

Strata Logging Service by Palo Alto Networks

Download With Dependencies

Palo Alto Networks Strata Logging Service XSOAR Connector provides cloud-based, centralized log storage and aggregation for your on-premise, virtual (private cloud and public cloud) firewalls, for Prisma Access, and for cloud-delivered services such as Cortex XDR

Palo Alto Strata Logging Service provides customers with the ability to store, process, and analyze large data sets in a secure and compliant manner.

The Strata Logging Service integration facilitates network security visualization and threat identification, automates incident response, and meets regulatory compliance requirements.

What does this pack do?

  • Perform queries on any field within the threat, traffic, URL, and file data firewall tables.
  • Reset the authentication limit cache if a call-limit error occurs.

This pack includes the following playbooks:

  • Strata Logging Service - Traffic Indicators Hunting - queries Strata Logging Service (SLS) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, and file types.
  • Strata Logging Service - File Indicators Hunting - queries Strata Logging Service (SLS) for traffic indicators, including IP addresses, geolocations, URLs, domains, and ports.
  • Strata Logging Service - Indicators Hunting - facilitates threat hunting and detection of IOCs within Strata Logging Service logs. The playbook and sub-playbooks query Strata Logging Service for files, traffic, HTTP requests, and execution flows indicators. Supported IOCs for this playbook are SHA256, MD5, SHA1, IP addresses, geolocations, URLs, domains, port Numbers, file Names, file Types, URIs, Applications.

Pack Contributors:


  • Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

CertificationRead more
Supported ByCortex
CreatedJuly 5, 2020
Last ReleaseJuly 3, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.