I posted this last Friday - a bad day for posting, as things get missed...
Teams,
This NEW TechNote covers how to set up, in this case, a Palo Alto Networks firewall to send CEF-formatted syslog to ArcSight ESM, have ArcSight parse this syslog, read the KVPs, and use the KVPs to trigger API calls into ClearPass via a .py script when it detects 'threats' coming from the PANW. Later I plan to add the configuration for Check Point/Juniper and potentially Fortinet to this solution.
(Note: credit for the .py goes to Bob Filer)
You can find the document on the support site here: CPPM TechNote - Network Threat Detection with SIEM Integration
CPPM TechNote - Network Threat Detection Utilizing ArcSight ESM V1.pdf
Happy reading – go fill your boots! Comments and feedback/suggestions graciously accepted.
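To make the middle of that pipeline concrete, here is an added example (not Bob Filer's .py or anything from the TechNote) that parses a constructed PAN-OS CEF syslog line, unescapes the KVPs, and gates on THREAT events before anything would be sent to ClearPass; the severity threshold and the returned field set are assumptions, and the ClearPass call itself is left to the TechNote.

```python
import re
from typing import Dict, Optional

# Constructed sample event, shaped like a PAN-OS THREAT log in CEF (all values made up).
SAMPLE_CEF = ("CEF:0|Palo Alto Networks|PAN-OS|8.1|vulnerability|THREAT|5|"
              "rt=Jun 07 2019 12:34:56 src=10.1.2.3 dst=203.0.113.10 suser=jdoe "
              "cs1Label=Rule cs1=Allow\\=Web act=alert msg=Bad thing\\\\ seen")
HEADER_KEYS = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")   # start of an extension key

def _unescape(s: str) -> str:
    # CEF escapes '|' (header) and '=' (extension) with a backslash; '\\' is a literal backslash.
    return re.sub(r"\\([\\|=])", r"\1", s)

def parse_cef(line: str) -> Optional[Dict[str, str]]:
    """Split one CEF line into its 7 header fields plus the extension key/value pairs.
    Returns None for non-CEF or truncated lines so the caller can skip them."""
    if not line.startswith("CEF:"):
        return None
    fields, cur, i = [], [], 4
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):        # keep the escape pair intact for now
            cur.append(line[i:i + 2]); i += 2; continue
        if c == "|":
            fields.append(_unescape("".join(cur))); cur = []
        else:
            cur.append(c)
        i += 1
    if len(fields) < 7:
        return None
    event = dict(zip(HEADER_KEYS, fields))
    ext = line[i:]
    hits = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(hits):                   # a value runs until the next key starts
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        event[m.group(1)] = _unescape(ext[m.end():end].strip())
    return event

def threat_action(line: str, min_severity: int = 4) -> Optional[Dict[str, str]]:
    """Gate on PAN-OS THREAT events at or above min_severity (threshold is an assumption).
    Returns the endpoint details a ClearPass lookup would need, or None to ignore the event."""
    ev = parse_cef(line)
    if not ev or ev["product"] != "PAN-OS" or ev["name"] != "THREAT":
        return None
    if not ev["severity"].isdigit() or int(ev["severity"]) < min_severity or "src" not in ev:
        return None
    return {"src": ev["src"], "user": ev.get("suser", ""), "rule": ev.get("cs1", ""),
            "signature": ev["signature_id"], "severity": ev["severity"]}
```

Feeding `threat_action` one syslog line at a time is enough to see which events would reach ClearPass and which (TRAFFIC logs, low severity, malformed lines) are dropped before any API call.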