We want to install the app on our search head that is running our Security app. it seems silly to me to have to connect the app on all our indexers and search heads. the reason I am asking is that In the configuration, they want you to connect to the Palo Alto device in the app. Or can I just connect the app on my search head? Does any one have any details on this? I normally run a Universal forwarder that I am collecting our firewall logs from, it just forwards the data to the indexers.
↧