Skip to content

Palo Alto Networks (PANW)

AQtive Guard seamlessly integrates with Palo Alto Networks Next-Generation Firewalls (NGFW) by ingesting and analyzing TLS handshake data directly from NGFW traffic log files. By integrating these logs, AQtive Guard provides a centralized platform for analyzing potential cryptographic risks and anomalies within your network traffic.

Prerequisites

  • A valid Comma-Separated Values (CSV) traffic log file exported from a Palo Alto NGFW.

Export a traffic log file

To export a traffic log file from a Palo Alto Networks NGFW:

  1. Select MonitorLogs.

  2. Select the Traffic log type.

  3. Add any filters to the filter field.

  4. Export to CSV.

Tip

Use a filter to set a smaller date range or reduce the Max Rows in CSV Export if your exported log file does not include the complete results expected.

Set the date range filter

Examples of date range filters for traffic logs are:

  • All traffic for a specific date (yyyy/mm/dd) and time (hh:mm:ss).
  • All traffic received on or before the date (yyyy/mm/dd) and time (hh:mm:ss).
  • All traffic received on or after the date (yyyy/mm/dd) and time (hh:mm:ss).
  • All traffic received between the date-time range of yyyy/mm/dd hh:mm:ss and yyyy/mm/dd hh:mm:ss.

For example, to export traffic logs using the date range 08/03/2025 to 08/04/2025, add (receive_time geq '2025/08/03 00:00:00') and (receive_time leq '2025/08/04 23:59:59')to the filter field and Apply Filter.

Refer to Filter Logs in the official PANW NGFW documentation for additional details.

Reduce the number of rows to export

You can export the contents of a traffic log file to a CSV-formatted report. By default, the report contains up to 2,000 rows of log entries.

  1. Under Device and Setup, select Management.
  2. Select the Log Export and Reporting tab.
  3. Edit the number of Max Rows in CSV Export (up to 1,048,576 rows).
  4. Select OK to save your changes.

Download the log

  1. Select Export to CSV and wait for the progress bar to complete.
  2. Select Download file to save the log to your local folder.

Upload a Palo Alto Networks log file

To upload the log file in AQtive guard, follow these steps:

  1. Navigate to Data Sources from the main menu, then select Palo Alto Networks.
  2. To upload the CSV file, either:
    • Click in the target area and select the file from your local system.
    • Drag and drop the file into the target upload area.
  3. The data will begin uploading automatically.

Palo Alto Networks NGFW data

AQtive Guard ingests and analyzes the following TLS handshake data directly from PANW NGFW traffic log files:

  • Client Session Resumption
  • Client TLS Cipher Suite
  • Client TLS Elliptic Curve
  • Client TLS Version
  • Destination Port
  • Destination address
  • Hash Algorithm
  • High Res Timestamp
  • IP Protocol
  • Issuer Subject Common Name
  • Root Subject Common Name
  • Server Certificate Signature Algorithm
  • Server Name Indication
  • Server PQC Selected Group
  • Server Session Resumption
  • Server TLS Cipher Suite
  • Source Port
  • Source address
  • Subject Common Name
  • cert_serial
  • fingerprint
  • notafter
  • notbefore
  • tls_version