1. Home
    2. Advanced Threat Prevention Administration
    3. Monitor Advanced Threat Prevention
    4. View Advanced Threat Prevention Report

    View Advanced Threat Prevention Report

    Where Can I Use This?
    What Do I Need?
    • NGFW
    • Advanced Threat Prevention
    The Advanced Threat Prevention Report is available though the Threat Vault API and provides detailed analysis and detection information, as well as information about the transaction, session, and other related processes. The report contain some or all of the information described in the following table based on the session information configured on the firewall that processed the file and the analysis details for the file in a JSON format.
    These reports are not available directly through PAN-OS. You must reference the cloud_reportid associated with the threat log and use the Threat Vault API to search and retrieve the report.
    Report Heading
    Description
    General Information
    Contains information about the firewall/security platform that processed the threat.
    • The cloud report ID number containing the Advanced Threat report data.
    • Error messages that might have been generated during creation of the report.
    PAN-OS Information
    Contains information about the firewall/security platform that processed the threat.
    • Firewall interface (IPv4/IPv6)
    • Content package version
    • Firewall Hostname
    • Firewall model
    • Serial Number
    • PAN-OS version
    Session Information
    Contains session information based on the traffic as it traversed the firewall/security platform that forwarded the threat.
    The following options are available:
    • Source IP
    • Source Port
    • Destination IP
    • Destination Port
    • Session ID
    • Session Timestamp
    • Payload Type
    Transaction Data
    The transaction data provides an overview of the payload details and contains the detection service report(s).
    The following options are available:
    • Transaction ID
    • SHA256 hash of the payload
    Detection Service Results
    When threat analysis is performed by the Advanced Threat Prevention cloud, this section contains entries showing the analysis results. This includes the detection service report(s), which additionally provides the MITRE ATT&CKĀ® classified techniques employed, as well as the payload details.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo