How to view the details of threats / attacks in a Palo Alto firewall

On a Palo Alto firewall, by default all log files are generated and stored locally on the firewall.

To view the details of threats, go to the Monitor tab > Threats.

Each entry includes the date and time, a threat name or URL, the source and destination zones, addresses, and ports, the application name, and the alarm action (allow or block) and severity.

The Threat tab displays an entry when traffic matches a Security Profile (Antivirus, Anti-Spyware, Vulnerability, URL Filtering, File Blocking, Data Filtering, or DoS Protection) that is attached to a security rule on the firewall.

The Type column indicates the type of threat, such as "virus" or "spyware." The Name column is the threat description or URL.

To view all the traffic from an attacker's IP, go to the Monitor tab > Traffic and, in the filter bar, enter the attacker's IP as the source address in the format (addr.src in 202.103.52.147), then press ENTER. It will show all the traffic from that IP.
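When several sources show up in the Threats tab, the same pivot can be done for all of them at once by joining one clause per address with `or` in the Traffic filter bar. The following is an added example, not part of the original post: it takes threat entries, keeps the high and critical ones, and builds that filter string. The dictionary keys and all sample rows are constructed for illustration and are not the firewall's own export column names.

```python
import ipaddress
from collections import Counter

# Constructed sample rows. The keys are hypothetical names for the columns the
# post lists, not the firewall's own export column names.
SAMPLE_THREATS = [
    {"type": "vulnerability", "src": "202.103.52.147", "action": "block", "severity": "critical"},
    {"type": "spyware", "src": "198.51.100.23", "action": "allow", "severity": "high"},
    {"type": "vulnerability", "src": "202.103.52.147", "action": "block", "severity": "high"},
    {"type": "virus", "src": "203.0.113.9", "action": "block", "severity": "low"},
    {"type": "spyware", "src": "not-an-ip", "action": "allow", "severity": "critical"},
]

SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def attacker_sources(rows, min_severity="high"):
    """Return source IPs seen at or above min_severity, most frequent first."""
    floor = SEVERITY_RANK[min_severity]
    hits = Counter()
    for row in rows:
        # Unknown severity strings rank below every floor and are skipped.
        if SEVERITY_RANK.get(row["severity"].lower(), -1) < floor:
            continue
        try:
            ip = ipaddress.ip_address(row["src"].strip())
        except ValueError:
            continue  # skip malformed addresses rather than emit a broken filter
        hits[str(ip)] += 1
    return [ip for ip, _count in hits.most_common()]


def traffic_filter(ips):
    """Build the Traffic filter: one (addr.src in X) clause per IP, joined by 'or'."""
    return " or ".join(f"(addr.src in {ip})" for ip in ips)


if __name__ == "__main__":
    print(traffic_filter(attacker_sources(SAMPLE_THREATS)))
```

Paste the printed string into the filter bar under Monitor > Traffic and press ENTER.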





3 comments:

  1. Thank you for sharing the information with this site. Really, it is very useful to monitor details of threats. Thank you, and please keep updating like this.

  2. It's very helpful, sir... please keep posting... really doing great work, sir.

  3. Good work. Please update a clear understanding of trust and untrust zones in Palo Alto firewalls.
