19 days ago

Nice little hint with LM Config!

In light of the recent Palo CVE and the need to check logs and monitor for IOCs, we used LM Config with an expect script (grep is not available over the API).

That would only pull the logs if they matched an IOC and alert us! Simple task, but a handy use case for LM Config.

Palo will not let you send those logs to a remote syslog; otherwise we would have gone the SIEM path.

  • I am really confused about which logs you can't send from a Palo? Other than not having the license to allow for sending of syslog?