Palo Alto Logs
Overview
Evidence: Palo Alto Logs
Description: Collect Palo Alto Logs
Category: Applications
Platform: windows
Short Name: plltl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Palo Alto Traps (formerly Cyvera) is an endpoint protection platform that prevents exploits and malware through advanced threat prevention. It maintains detailed logs of security events, blocked exploits, and threat intelligence.
Data Collected
This collector gathers the Palo Alto Traps log files written by the endpoint agent; the files are collected as-is and are not parsed by the collector.
Collection Method
This collector gathers Palo Alto Traps log files from the Cyvera directory in ProgramData, which contains comprehensive endpoint protection event data.
Forensic Value
Palo Alto logs are critical for investigating exploit attempts, malware execution prevention, and advanced threat activities. They provide visibility into blocked attacks and help understand the threat landscape targeting the endpoint.