Palo Alto Networks Elastic Common Schema ELK stack

PanECS

PanECS (pronounced "panex") is an Elastic Common Schema (ECS) implementation for gathering all logging information from the Palo Alto Networks Next Generation Firewall (NGFW) and the Traps application. Because the logs adhere to the ECS standard, they can be stored in an ECS-based Elasticsearch deployment and searched and visualized alongside common data from other vendors, hosts, applications and device types, all within the same context.

This repository includes:

  • A docker-compose file that can be used to implement a containerized ELK stack if you don't already have one
  • A Logstash configuration file that will ingest, filter/dissect and enrich events from both the NGFW and Traps.
  • Elasticsearch mappings for each of the log event types from the NGFW and Traps.
  • Kibana example visualizations and dashboards that display information from the different log types.
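To make the ECS point above concrete, here is an added example (not code from the PanECS repository, and not its Logstash configuration) that does in Python what a Logstash dissect/rename/enrich pipeline does: a constructed NGFW traffic log line and a constructed endpoint event are each mapped onto ECS field names, enriched with a shared pivot field, and then answered by one query. The NGFW column positions are an assumption about the PAN-OS traffic log CSV layout and must be verified against the firewall version in use; the Traps event layout is invented for the example and is not the real Traps schema; the internal network ranges are a constructed list.

```python
"""Normalize two Palo Alto Networks event formats onto ECS field names.

Added example, not PanECS code. Mirrors a Logstash dissect -> rename ->
enrich pipeline so that an NGFW traffic log and a Traps endpoint event can
be searched with the same query.
"""
import csv
import io
import ipaddress
import json
from datetime import datetime
from typing import Any, Dict, List

# ASSUMPTION: column positions of a PAN-OS traffic log payload (the CSV after
# the syslog header). Verify against your PAN-OS version before relying on it.
TRAFFIC_COLUMNS = {
    6: "generated_time", 7: "src_ip", 8: "dst_ip", 11: "rule", 14: "app",
    24: "src_port", 25: "dst_port", 29: "proto", 30: "action", 31: "bytes",
}

# Real ECS field names for the columns above.
TRAFFIC_TO_ECS = {
    "generated_time": "@timestamp", "src_ip": "source.ip", "dst_ip": "destination.ip",
    "rule": "rule.name", "app": "network.application", "src_port": "source.port",
    "dst_port": "destination.port", "proto": "network.transport",
    "action": "event.action", "bytes": "network.bytes",
}

# CONSTRUCTED internal ranges; an enterprise would list its own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# CONSTRUCTED sample traffic line (serial number, user and session are made up).
TRAFFIC_LINE = (
    r"1,2020/05/12 10:15:30,007051000012345,TRAFFIC,end,2049,2020/05/12 10:15:30,"
    r"10.0.1.25,203.0.113.10,198.51.100.1,203.0.113.10,allow-web,corp\alice,,web-browsing,"
    r"vsys1,trust,untrust,ethernet1/2,ethernet1/1,default-log,2020/05/12 10:15:30,12345,1,"
    r"51234,443,20001,443,0x400000,tcp,allow,5120,1024,4096,12"
)

# CONSTRUCTED endpoint event; hypothetical keys, not the real Traps schema.
TRAPS_EVENT = json.dumps({
    "time": "2020-05-12T10:16:02", "eventType": "Prevention", "hostName": "LAPTOP-ALICE",
    "agentIp": "10.0.1.25", "fileName": "invoice.exe", "sha256": "0" * 64,
})


def dissect_traffic(line: str) -> Dict[str, Any]:
    """Split the CSV payload, keep the mapped columns and rename them to ECS."""
    row = next(csv.reader(io.StringIO(line)))
    raw = {name: row[i] for i, name in TRAFFIC_COLUMNS.items() if i < len(row)}
    ecs = {TRAFFIC_TO_ECS[k]: v for k, v in raw.items()}
    # Coerce numeric columns so the Elasticsearch integer/long mappings accept them.
    for key in ("source.port", "destination.port", "network.bytes"):
        if key in ecs:
            ecs[key] = int(ecs[key])
    # ASSUMED timestamp format of the generated-time column.
    ecs["@timestamp"] = datetime.strptime(ecs["@timestamp"], "%Y/%m/%d %H:%M:%S").isoformat()
    ecs.update({"event.category": "network", "observer.vendor": "Palo Alto Networks",
                "observer.product": "NGFW"})
    return ecs


def normalize_traps(raw: str) -> Dict[str, Any]:
    """Map the constructed endpoint event onto ECS host/file/event fields."""
    ev = json.loads(raw)
    return {
        "@timestamp": ev["time"], "host.name": ev["hostName"], "host.ip": ev["agentIp"],
        "file.name": ev["fileName"], "file.hash.sha256": ev["sha256"],
        "event.action": ev["eventType"].lower(), "event.category": "malware",
        "observer.vendor": "Palo Alto Networks", "observer.product": "Traps",
    }


def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def enrich(ecs: Dict[str, Any]) -> Dict[str, Any]:
    """Add the cross-source fields a shared dashboard pivots on."""
    ips = [ecs[k] for k in ("source.ip", "destination.ip", "host.ip") if k in ecs]
    ecs["related.ip"] = sorted(set(ips))  # ECS related.ip: every IP seen in the event
    if "source.ip" in ecs and "destination.ip" in ecs:
        src_in, dst_in = is_internal(ecs["source.ip"]), is_internal(ecs["destination.ip"])
        ecs["network.direction"] = ("outbound" if src_in and not dst_in
                                    else "inbound" if dst_in and not src_in else "internal")
    return ecs


def events_for_ip(events: List[Dict[str, Any]], ip: str) -> List[Dict[str, Any]]:
    """One query over both sources, because both populate related.ip."""
    return [e for e in events if ip in e.get("related.ip", [])]


if __name__ == "__main__":
    events = [enrich(dissect_traffic(TRAFFIC_LINE)), enrich(normalize_traps(TRAPS_EVENT))]
    for e in events_for_ip(events, "10.0.1.25"):
        print(e["observer.product"], e["event.category"], e["event.action"], e["@timestamp"])
```

The query at the end is the whole point of ECS: a firewall session and an endpoint prevention for the same host are returned together because both carry `related.ip`, `event.category` and `event.action`, without either source knowing about the other.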

For more information on each of the above, including installation notes, see the Wiki, or follow the links below if they align with what you are looking for: