1. Home
    2. Advanced Threat Prevention Administration
    3. Prisma Access

    Prisma Access

    1. Use the credentials associated with your Palo Alto Networks support account and log in to the Prisma Access application on the hub.
      For more information on using Activity, refer to the Log Viewer.
    2. Filter threat logs based on the
      Threat Category
       or
      Subtype
       in Prisma Access.
      1. Select
        Activity
        Log Viewer
        .
      2. Change the log type to be searched to
        Threat
        .
      3. Create a search filter using one the threat signature subtypes used by the Antivirus, Anti-spyware, or Vulnerability Protection profiles (
        antivirus
        ,
        spyware
        , and
        vulnerability
        , respectively) or based on the threat category using the query builder. For example, you can use
        sub_type.value = 'spyware'
         to view logs for threats that have been determined to be spyware. To search for other subtypes, replace spyware in the above example with another supported subtype (
        vulnerability
         or
        spyware
        ). You can also search based on a specific
        Threat Category
        , such as an info-leak vulnerability by using the following query
        threat_category.value = 'info-leak'
        . For a list of valid categories you can use, refer to Threat Signature Categories. Adjust the search criteria as necessary for your search, including additional query parameters (such as the severity level and action) along with a date range.
      4. Run the query after you have finished assembling your filters.
      5. Select a log entry from the results to view the log details.
      6. The threat
        Category
         is displayed in the
        Details
         pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding windows.
    3. Filter Threat logs by threat [categories] that have been detected using inline cloud analysis (spyware).
      1. Select
        Activity
        Log Viewer
        .
      2. Change the log type to be searched to
        Threat
        .
      3. Create a search filter using a threat category used exclusively by Inline Cloud Analysis (spyware):
        threat_category.value = 'inline-cloud-c2'
        .
      4. Select a log entry to view the details of a detected C2 threat.
    4. Filter Threat logs by threat [categories] that have been detected using inline cloud analysis (vulnerability).
      1. Select
        Activity
        Log Viewer
        .
      2. Change the log type to be searched to
        Threat
        .
      3. Create a search filter using a threat category used exclusively by Inline Cloud Analysis (vulnerability):
        threat_category.value = 'inline-cloud-exploit'
        .
      4. Select a log entry to view the details of the detected command injection and SQL injection vulnerabilities. Inline exploit (SQL injection) threats have an ID of 99950 while inline exploit (command injection) threats have an ID of 99951.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo