View Advanced IP Defense Logs in Strata Cloud Manager

View and filter Advanced IP Defense threat logs in Strata Cloud Manager to investigate IP-based threats and track policy rule matches.
Strata Cloud Manager provides a centralized log viewer for Advanced IP Defense threat logs forwarded through Strata Logging Service. You can filter logs by IP attributes, categories, policy actions, and time range to investigate specific threats and assess the effectiveness of your Advanced IP Defense policy rules.
  1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
  2. Access the log viewer.
    Select Incidents and Alerts > Log Viewer.
  3. Filter for Advanced IP Defense threat logs.
    In the log viewer, filter the log type to Threat and filter by the Advanced IP Defense threat category. You can further narrow results by:
    • IP attribute category or subcategory (such as Anonymizers & Proxies, Malware C2, Direct-to-IP)
    • Policy action (Block, Allow, or Alert)
    • Source or destination IP address
    • Source or destination zone
    • Time range
  4. Review the log details for a specific entry.
    Click a log entry to view the full session details, including the matched IP attributes, the Advanced IP Defense profile and rule that triggered the log, the policy action taken, and the log severity level. For IPs that match multiple attribute categories, all matched categories are displayed in the log detail.
  5. (Optional) Search for a specific IP address in IOC Search.
    From the log entry, you can pivot to IOC Search to view the full set of categories and subcategories associated with a specific IP address on the IP Overview page. This provides additional threat intelligence context beyond the attributes that matched your policy rules.