I'd say this is very much one of those 'it depends' questions. Some security teams are going to want as much data as you're willing to provide, and some will have very detailed things they're wanting to see. Depending upon the SIEM solution, there's also a financial aspect, as some vendors charge on your ingest volume, and even in a moderately sized environment the PANW firewalls can be chatty.
You may want to ask that on the forum so more people can chime in :) I personally don't have extensive SOC experience so might miss some interesting ones. I'd forward high and critical threats, critical system events, config changes, and specific rules for highly sensitive resources.
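As an added illustration of that forwarding policy (not code from either poster), here is a small Python pre-filter that keeps only the categories named above before the lines reach the SIEM. The CSV field layout, rule names and sample lines are constructed assumptions for the example, not the real PAN-OS log schema, whose field positions vary by version.

```python
import csv

# Constructed, simplified record layout (NOT the real PAN-OS schema).
FIELDS = ["receive_time", "serial", "type", "subtype", "severity", "rule", "detail"]

# Policy from the post: high/critical threats, critical system events,
# every config change, and traffic hitting rules for sensitive resources.
FORWARD_THREAT_SEVERITIES = {"high", "critical"}
FORWARD_SYSTEM_SEVERITIES = {"critical"}
SENSITIVE_RULES = {"allow-to-pci-db", "admin-to-crown-jewels"}  # assumed names

# Constructed sample lines in the layout above.
SAMPLE_LOGS = """\
2024-01-01T10:00:00,007200001,THREAT,vulnerability,critical,allow-web,sql-injection-attempt
2024-01-01T10:00:01,007200001,THREAT,url,informational,allow-web,category:news
2024-01-01T10:00:02,007200001,SYSTEM,general,critical,,ha-failover
2024-01-01T10:00:03,007200001,SYSTEM,general,informational,,commit-completed
2024-01-01T10:00:04,007200001,CONFIG,,,,set rulebase security rules allow-web
2024-01-01T10:00:05,007200001,TRAFFIC,end,,allow-to-pci-db,10.0.0.5->10.9.9.9:5432
2024-01-01T10:00:06,007200001,TRAFFIC,end,,allow-web,10.0.0.5->1.2.3.4:443
"""

def parse(line):
    """Split one CSV log line into a dict keyed by FIELDS."""
    return dict(zip(FIELDS, next(csv.reader([line]))))

def should_forward(rec):
    """Apply the forwarding policy to one parsed record."""
    log_type, sev = rec["type"], rec["severity"].lower()
    if log_type == "THREAT":
        return sev in FORWARD_THREAT_SEVERITIES
    if log_type == "SYSTEM":
        return sev in FORWARD_SYSTEM_SEVERITIES
    if log_type == "CONFIG":
        return True
    if log_type == "TRAFFIC":
        return rec["rule"] in SENSITIVE_RULES
    return False  # unknown types are dropped rather than billed for

def filter_logs(text):
    """Return (records to forward, number dropped) for a block of log text."""
    kept, dropped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if should_forward(rec):
            kept.append(rec)
        else:
            dropped += 1
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_logs(SAMPLE_LOGS)
    print(f"forwarded {len(kept)}, dropped {dropped}")
```

The dropped count gives a quick estimate of the ingest volume saved, which matters where the SIEM vendor bills per volume.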