We'll Do It Live

Here, we'll add a new Data Route that duplicates the incoming firewall traffic, streams the copy through our Pack's Pipeline, and then routes it to SecOps' Elastic instance.

Make a new route

  1. Select the Routing submenu and click Data Routes
  2. Click Add Route
  3. Enter the Route details below
  4. Click Save

Fill out the Route information as follows:

  • Route Name: palo2SecOpsElastic
  • Filter: __inputId.startsWith('syslog:paloalto')
  • Pipeline: Pack secops-palo-enrich (pan-firewall-traffic)
  • Output: elastic:secopselastic
  • Description: Enrich Palo data the way security wants using secops-palo-enrich pack, then send to secops elastic
  • Final: No
  • Move the route to position 2 (just above palo2ITElastic)
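Why the Final setting and the position matter can be seen by modelling the route table as an ordered list. The snippet below is an added example, not code from the page or from Cribl; the routes other than palo2SecOpsElastic and palo2ITElastic, and their pipelines and outputs, are constructed, and `routeEvent` is a simplified stand-in for how Cribl Stream walks its Data Routes.

```javascript
// Constructed model of an ordered Cribl Stream Data Route table. `filter`
// mirrors the JS expression typed into the Filter field; `final` mirrors the
// Final toggle. Only the two palo2* routes come from the page.
const routes = [
  { name: 'drop-healthchecks', filter: e => e.__inputId === 'http:healthcheck',
    pipeline: 'devnull', output: 'devnull', final: true },                   // constructed
  { name: 'palo2SecOpsElastic', filter: e => e.__inputId.startsWith('syslog:paloalto'),
    pipeline: 'secops-palo-enrich', output: 'elastic:secopselastic', final: false },
  { name: 'palo2ITElastic', filter: e => e.__inputId.startsWith('syslog:paloalto'),
    pipeline: 'passthru', output: 'elastic:itelastic', final: true },        // constructed
  { name: 'default', filter: () => true,
    pipeline: 'main', output: 'default', final: true },                      // constructed
];

// Walk the table top to bottom. Each matching route receives a copy of the
// event for its pipeline/output. A Final route stops evaluation; a non-Final
// route lets the event fall through to the routes below it. A filter that
// throws (e.g. __inputId missing) is treated as a non-match, as a defensive
// default for this model.
function routeEvent(event, table = routes) {
  const deliveries = [];
  for (const r of table) {
    let matched;
    try { matched = Boolean(r.filter(event)); } catch { matched = false; }
    if (!matched) continue;
    deliveries.push({ route: r.name, pipeline: r.pipeline, output: r.output });
    if (r.final) break;
  }
  return deliveries;
}

// Constructed sample events; only the Cribl internal field __inputId is used.
const paloEvent = { __inputId: 'syslog:paloalto', _raw: 'constructed PAN TRAFFIC log' };
const otherEvent = { __inputId: 'syslog:cisco', _raw: 'constructed ASA log' };

// With Final: No and position 2, the Palo event reaches both Elastic outputs.
console.log(routeEvent(paloEvent).map(d => d.output));  // [ 'elastic:secopselastic', 'elastic:itelastic' ]
console.log(routeEvent(otherEvent).map(d => d.output)); // [ 'default' ]
```

Flipping Final to Yes on the new route, or placing it below palo2ITElastic, would leave one of the two Elastic destinations without its copy.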

And that's it! Another job done. Or is it? Here we are again at the end of this demo, and you have the same choice: believe that it delivered the promised results, or go a little further and check for proof.