Skip to main content

Netmotion VPN

Parsing and modeling rules for Netmotion VPN logs via syslog

Netmotion VPN

This pack supports Syslog-based log ingestion from Netmotion VPN and includes parsing and modeling rules (XDM mapping) for Cortex XSIAM.

Supported Event types

  • RPC Rule
  • Security Binding Rule
  • Security Authenticating Rule
  • IMP Rule

Configure the Netmotion VPN Side

  1. Log in to the NetMotion Mobility console as an administrator.
  2. Navigate to Configure > Server Settings.
  3. In the left pane, select one of the following options:
  • For all servers, select Global Server Settings.
  • For a specific server, select the specific server name.
  1. Enable Syslog forwarding.
    a. Select Syslog – On / Off and check Turn syslog event logging on.
    b. Set Syslog – Server Host to your Broker VM’s IP/hostname.
    c. (Optional) Modify Syslog – Server Port (default is UDP 514).
  2. Save the settings.

Collect Events from Netmotion VPM

In order to use the collector, use the Broker VM option.

Configure the Broker VM side

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.

  2. Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.

  3. Click Add New.

  4. When configuring the Syslog Collector, set the following values (not relevant for CEF and LEEF formats)

    Parameter: : Value :
    Protocol Select UDP or TCP.
    Port Enter the port that Cortex XSIAM Broker VM should listen on for receiving forwarded events.
    Vendor Enter netmotion.
    Product Enter vpn.

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJuly 9, 2025
Last ReleaseJuly 9, 2025
Network Security
Identity And Access Management

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.