Setting Up Integrations

Palo Alto Next-Generation Firewall (NGFW) Integration Guide for SecurityCoach

In this article, you will learn how to integrate Palo Alto Next-Generation Firewall (NGFW) with SecurityCoach. Once you set up this integration, data provided by Palo Alto NGFW will be available under the SecurityCoach tab of your KnowBe4 console. This data can be viewed in SecurityCoach reports and can be used to create detection rules for real-time coaching campaigns. For general information about SecurityCoach, see our SecurityCoach Product Manual.

Setting Up the Integration in Palo Alto NGFW

  1. Log in to your Palo Alto NGFW account.
  2. Once logged in, click Device at the top of the page.

  3. Click Admin Roles in the left sidebar.

  4. Click Add near the bottom of the page.

  5. A pop-up window will open. Enter your desired name and description into the Name and Description fields.

  6. Disable all access in the Web UI and REST API tabs. In the XML API tab, enable Log access.



  7. Click OK in the bottom-right corner to finalize your changes.

  8. Click Device at the top of the page.

  9. Click Administrators in the left sidebar.

  10. Click Add near the bottom of the page.

  11. A pop-up window will open. See the below screenshot and list for information on how to navigate the pop-up window.


    1. Enter your desired name in the Name field.
    2. Enter your desired description in the Description field.
    3. Enter your desired password in the Password field.
    4. Enter your password again in the Confirm Password field.
    5. For Administrator Type, choose Role Based.
    6. Click the Profile drop-down menu and choose the name of the admin role you created earlier in Steps 5-7.
  12. Click OK in the bottom-right corner to finalize your changes.

  13. To commit your changes, click Commit in the top-right corner of the page.

  14. A new pop-up window will open. Click Commit at the bottom of the page to finalize your changes.

  15. Wait until the Progress bar reaches 100% to indicate completion.

  16. Once the Progress bar reaches 100%, “Configuration committed successfully” will display next to Details.

  17. You can now find the Firewall Domain name in the URL of the webpage. For example, https://[your firewall domain name]/

Setting Up the Integration in SecurityCoach

To set up the Palo Alto NGFW integration in your KSAT console, follow the steps below:

  1. Log in to your KSAT console.
  2. Navigate to SecurityCoach > Setup > Security Coach Vendor Integrations.
  3. Locate the Palo Alto vendor tile and click Configure.


  4. This will open the Palo Alto Next-Generation Firewall (NGFW) integration page. See the below screenshot and list for the steps to complete the integration.


    1. Copy your Firewall Domain from Step 17 of the Setting Up the Integration in Palo Alto NGFW section and enter it into the Firewall Domain field.
    2. In the Username field, enter the admin username that you used in the Setting Up the Integration in Palo Alto NGFW section.
    3. In the Password field, enter the admin password that you used in the Setting Up the Integration in Palo Alto NGFW section.
  5. Click Connect to complete the integration.
Note:Events from Palo Alto NGFW are automatically mapped to users using their usernames.

Deleting the Integration in SecurityCoach

If you want to delete the Palo Alto NGFW integration from SecurityCoach, follow the steps below:

  1. Log in to your KSAT console.
  2. Navigate to SecurityCoach > Setup > Security Coach Vendor Integrations.
  3. Locate the Palo Alto vendor tile and click Edit.
  4. Click Delete Integration near the bottom of the page.
  5. A new pop-up window will open. If you are sure you want to delete the integration, click Confirm.

Can't find what you're looking for?

Contact Support