
Devo 360 for Palo Alto

To help organizations enhance Palo Alto Networks security solutions, Devo provides the Devo 360 for Palo Alto application, where cloud-native logging and security analytics meet Palo Alto Networks firewall technology.

The Devo 360 for Palo Alto application, available in Devo Exchange, brings centralized insights from Palo Alto firewall products. It is a pre-built knowledge base of dashboards and alerts that delivers real-time visibility and expedites analysis of Devo users’ Palo Alto firewall activity. It helps you use the Devo Platform to optimize resources and detect threats by automatically aggregating Palo Alto threat definitions, which increases analysts’ efficiency and reduces fatigue as they address alerts.

 

Installing Devo 360 for Palo Alto

Installing the application is easy thanks to Devo Exchange. All you need to do once inside Exchange is find the application, click the Install button, and assign it to your role. You can find the whole process carefully explained in Installing content.

Pre-requisites

To use Devo 360 for Palo Alto, you must have the following Lookups installed in your domain:

Accessing Devo 360 for Palo Alto

The application is easily accessible from the Navigation pane. Select Applications → Devo 360 for Palo Alto and you will land on the General Overview, the application’s main view.

Working with Devo 360 for Palo Alto

This application has three different views, each divided into tabs that categorize the information displayed and make it easier to find what you need. Visit the articles below for an in-depth analysis of the content each view presents:

Operations in all views

All views have a time picker at the top left so you can visualize the data for the desired period. You can either choose a Time Preset from the list or select a Custom Range and specify a date on the calendar.

There are several widgets in all views and all of them have some common features. You can see the query that feeds the widgets by clicking on the ellipsis menu and selecting Show Query.

Widgets also have their own particularities and can be categorized into different types according to the degree of interaction they allow and the type of insight they offer about the data.

Column and line charts provide insights into the data distribution over time. These are the widgets with the highest degree of interaction. See the picture below for the different actions you can carry out.

Simple value widgets show the count of a specific value so you can see key indicators at a glance.

Maps provide a quick view of the geographical distribution of the data. In maps, you can hover over geographic positions to see a tooltip with the name of the country and the count of the measured value. You can zoom in or out to find the desired location more easily.

Donut and pie charts provide an overview of the data distribution in relation to the total. You can select segments and hover over them to see a tooltip with the value and count they represent.
