BlueApp for Palo Alto Networks

Detect & Block Malicious IPs with the BlueApp for Palo Alto Networks

Palo Alto Networks
  • PAN-OS
  • Firewall
  • Detection
  • Response

BlueApps extend USM Anywhere’s threat detection and orchestration capabilities to other security tools at no additional cost.

The BlueApp™ for Palo Alto Networks allows you to automate intrusion detection and response activities between AlienVault® USM Anywhere™ and Palo Alto Networks Next-Generation Firewall (NGFW) products, so that you can instantly block malicious IPs as soon as they are detected.

The pre-built integration between USM Anywhere and Palo Alto Networks gives you closed-loop threat detection and response out of the box, without requiring any complex setup or extra installations.

  • Close the loop between threat detection and response 
  • Simplify the integration of multiple IT and security products with BlueApps out of the box 
  • Gain deeper visibility into your firewall traffic and the top threats against your environment
  • Automatically block malicious IPs with Palo Alto Networks Next-Generation Firewalls as threats are detected in USM Anywhere

How It Works:

  1. USM Anywhere collects and analyzes log data from your Palo Alto Networks NGFW. Using integrated threat intelligence, including the latest IDS signatures, USM Anywhere identifies threats and intrusions against your environment.

  2. If USM Anywhere detects an anomalous or suspicious event, such as communication with a known malicious IP address or domain, it raises an alarm, letting you know what to investigate.

  3. In response to events and alarms, you can create an automated (or manual) response that instructs your Palo Alto Networks NGFW to block the malicious IP.

  4. USM Anywhere has a pre-built, interactive dashboard for Palo Alto Networks that summarizes firewall traffic events and top threats. With it, you can more easily monitor your security posture through a single pane of glass.



Why You’ll Love the BlueApp for Palo Alto Networks


See something, do something. When USM Anywhere detects a malicious IP address, it can automate a response to your Palo Alto Networks Next-Generation Firewall, instructing it to block that IP address.

Apply LevelBlue Labs Threat Intelligence to Your Firewall Log Data

USM Anywhere uses its integrated threat intelligence to analyze log data from Palo Alto Networks, along with data from other assets and security products, to detect threats and intrusions. The LevelBlue Labs Security Research Team researches and delivers continuous threat intelligence updates directly to USM Anywhere, including the latest IDS signatures, so you don’t have to. You can focus on what matters most — stopping threats in their tracks.

Monitor Your Security Posture from a Single Console  

With rich, interactive dashboards in USM Anywhere, you can monitor your Palo Alto Networks firewall activities, and see the top threats, top threat signatures, malware, and more. USM Anywhere enriches your log data and makes it simple to search and filter firewall events, as well as export views for reporting purposes.

Save Time & Money

AlienVault combines five essential security capabilities plus a growing ecosystem of BlueApps in one single console, reducing the time and expense of integrating multiple security products while centralizing your security monitoring across your cloud and on-premises environments, and your SaaS applications such as Office 365.
