View Advanced Threat Prevention Report

Where Can I Use This?
  • NGFW
What Do I Need?
  • Advanced Threat Prevention
The Advanced Threat Prevention Report is available through the Threat Vault API and provides detailed analysis and detection information, as well as information about the transaction, session, and other related processes. The report is in JSON format and contains some or all of the information described in the following table, depending on the session information configured on the firewall that processed the file and the analysis details for the file.
These reports are not available directly through PAN-OS. You must reference the cloud_reportid associated with the threat log and use the Threat Vault API to search and retrieve the report.
Report Heading
Description
General Information
Contains information about the firewall/security platform that processed the threat.
  • The cloud report ID number containing the Advanced Threat report data.
  • Error messages that might have been generated during creation of the report.
PAN-OS Information
Contains information about the firewall/security platform that processed the threat.
  • Firewall interface (IPv4/IPv6)
  • Content package version
  • Firewall Hostname
  • Firewall model
  • Serial Number
  • PAN-OS version
Session Information
Contains session information based on the traffic as it traversed the firewall/security platform that forwarded the threat.
The following options are available:
  • Source IP
  • Source Port
  • Destination IP
  • Destination Port
  • Session ID
  • Session Timestamp
  • Payload Type
Transaction Data
The transaction data provides an overview of the payload details and contains the detection service report(s).
The following options are available:
  • Transaction ID
  • SHA256 hash of the payload
Detection Service Results
When threat analysis is performed by the Advanced Threat Prevention cloud, this section contains entries showing the analysis results. This includes the detection service report(s), which additionally provide the MITRE ATT&CK® classified techniques employed, as well as the payload details.
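Because a report can only be retrieved by the cloud_reportid recorded with the threat log, a useful first step is to collect the distinct report IDs from exported threat logs and keep the session context that each one belongs to. The following is an added example, not code from this documentation or from the product: it assumes a CSV export, and every column name other than cloud_reportid, along with all sample values, is constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a threat log CSV export. Only cloud_reportid is named
# on this page; the other column names and all values are assumptions.
SAMPLE_THREAT_LOG = """\
receive_time,sessionid,src,dst,threat_name,cloud_reportid
2024-05-01 10:00:01,1001,10.0.0.5,203.0.113.10,Constructed Threat A,REPORT-ID-0001
2024-05-01 10:00:07,1002,10.0.0.6,203.0.113.10,Constructed Threat A,REPORT-ID-0001
2024-05-01 10:02:30,1003,10.0.0.7,198.51.100.20,Constructed Threat B,
2024-05-01 10:05:12,1004,10.0.0.8,198.51.100.30,Constructed Threat C, REPORT-ID-0002
"""


def group_by_report_id(log_file):
    """Map each non-empty cloud_reportid to the log rows that reference it."""
    reader = csv.DictReader(log_file)
    if "cloud_reportid" not in (reader.fieldnames or []):
        raise ValueError("export has no cloud_reportid column")
    groups = defaultdict(list)
    for row in reader:
        # Short rows yield None for missing fields; treat that as blank.
        report_id = (row.get("cloud_reportid") or "").strip()
        if not report_id:
            continue  # this log entry references no cloud report
        groups[report_id].append(row)
    return dict(groups)


def lookup_queue(groups):
    """One entry per report ID, with the sessions and sources it relates to."""
    return [
        {
            "cloud_reportid": report_id,
            "sessions": sorted({r["sessionid"] for r in rows}),
            "sources": sorted({r["src"] for r in rows}),
        }
        for report_id, rows in sorted(groups.items())
    ]


if __name__ == "__main__":
    grouped = group_by_report_id(io.StringIO(SAMPLE_THREAT_LOG))
    for item in lookup_queue(grouped):
        print(item)
```

Each entry in the resulting queue corresponds to one Threat Vault API lookup, so a report referenced by several log entries is requested only once.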