# Palo Alto Logs

## Overview

**Evidence:** Palo Alto Logs\
**Description:** Collect Palo Alto Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** plltl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Palo Alto Traps (formerly Cyvera) is an endpoint protection platform designed to prevent exploits and malware. It maintains detailed logs of security events, blocked exploits, and threat intelligence.

## Data Collected

This collector gathers structured data about Palo Alto logs.

## Collection Method

This collector gathers Palo Alto Traps log files from the Cyvera directory in ProgramData, which contains comprehensive endpoint protection event data.

## Forensic Value

Palo Alto logs are critical for investigating exploit attempts, malware execution prevention, and advanced threat activities. They provide visibility into blocked attacks and help understand the threat landscape targeting the endpoint.
