In PaloAlto, by default all log files are generated and stored locally on the firewall
To view the details of Threats Goto Monitor tab > Threats
Each entry includes the date and time, a threat name or URL, the source and destination zones, addresses, and ports, the application name,and the alarm action (allow or block) and severity.
Threat tab Displays an entry when traffic matches a Security Profile (Antivirus, Anti-Spyware,Vulnerability, URL Filtering, File Blocking, Data Filtering, or DoS Protection) that is attached to a security rule on the firewall.
The Type column indicates the type of threat, such as “virus” or “spyware.” The Name column is the threat description or URL
To view all the traffic from attackers IP .Go to Monitor tab > Traffic and in filter bar give the attackers IP as source address in the format (addr.src in 18.104.22.168) and press ENTER. It will show all the traffic from that IP.
How to view the details of Threats / attacks in PaloAlto Firewall
by Shabeer ibm