On a Palo Alto Networks firewall, all log files are by default generated and stored locally on the firewall.
To view threat details, go to the Monitor tab > Threats.
Each entry includes the date and time, a threat name or URL, the source and destination zones, addresses, and ports, the application name, the alarm action (allow or block), and the severity.
The Threat tab displays an entry when traffic matches a Security Profile (Antivirus, Anti-Spyware, Vulnerability, URL Filtering, File Blocking, Data Filtering, or DoS Protection) that is attached to a security rule on the firewall.
The Type column indicates the type of threat, such as "virus" or "spyware." The Name column is the threat description or URL.
To view all the traffic from an attacker's IP, go to the Monitor tab > Traffic. In the filter bar, enter the attacker's IP as the source address in the format (addr.src in 202.103.52.147) and press ENTER. The log view then shows all the traffic from that IP.
Thank you for sharing the information with this site. Really, it is very useful to monitor details of threats. Thank you, and please keep updating like this.
It's very helpful sir... please keep posting... really doing great work sir.
Good work. Please update with a clear understanding of trust and untrust zones in Palo Alto firewalls.