Security

Reply
Occasional Contributor II

Palo Alto Ingress Event in ClearPass

I just setup a Palo Alto firewall as an Event Source and created a Service in ClearPass using the new Event-Based Enforcement and I want to make sure it's been configured properly. I am seeing events come through in Access Tracker, so I assume the syslog tie-in to CPPM from Palo is working, but there isn't really any information in there. Also, one of the threats that shows up (OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Reverse Heartbleed) doesn't seem like it is being sent to ClearPass despite the threat hitting the same Policy on Palo as the events that I am seeing come in. I have attached a screenshot of one of the events that I am seeing in Access Tracker.

Occasional Contributor II

Re: Palo Alto Ingress Event in ClearPass

I have the exact same issue.  I have a ticket open with Aruba and Palo Alto.  Looks like an issue with the ingress events dictionary.  Been working at it for a week now without any resolution.  Did you ever figure out what your issue was?

 

Thanks!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: