Prisma Access

  1. Log in to the Prisma Access application on the hub with the credentials associated with your Palo Alto Networks support account.
    For more information on using Activity, refer to the Log Viewer.
  2. Filter threat logs based on the Threat Category or Subtype in Prisma Access.
    1. Select Activity > Log Viewer.
    2. Change the log type to be searched to Threat.
    3. Create a search filter in the query builder, either by one of the threat signature subtypes used by the Antivirus, Anti-Spyware, and Vulnerability Protection profiles (antivirus, spyware, and vulnerability, respectively) or by threat category. For example, sub_type.value = 'spyware' returns logs for threats that have been classified as spyware; to search for another subtype, replace spyware in that query with antivirus or vulnerability. To search by a specific Threat Category, such as an info-leak vulnerability, use threat_category.value = 'info-leak'. For the list of valid categories, refer to Threat Signature Categories. Adjust the search criteria as necessary, adding further query parameters (such as severity and action) and a date range.
    4. Run the query after you have finished assembling your filters.
    5. Select a log entry from the results to view the log details.
    6. The threat Category is displayed in the Details pane of the detailed log view. Other relevant details about the threat are displayed in their corresponding windows.
  3. Filter Threat logs by threat categories that have been detected using Inline Cloud Analysis (spyware).
    1. Select Activity > Log Viewer.
    2. Change the log type to be searched to Threat.
    3. Create a search filter using the threat category used exclusively by Inline Cloud Analysis for spyware: threat_category.value = 'inline-cloud-c2'.
    4. Select a log entry to view the details of a detected C2 threat.
  4. Filter Threat logs by threat categories that have been detected using Inline Cloud Analysis (vulnerability).
    1. Select Activity > Log Viewer.
    2. Change the log type to be searched to Threat.
    3. Create a search filter using the threat category used exclusively by Inline Cloud Analysis for vulnerabilities: threat_category.value = 'inline-cloud-exploit'.
    4. Select a log entry to view the details of the detected command injection and SQL injection vulnerabilities. Inline exploit (SQL injection) threats have an ID of 99950, while inline exploit (command injection) threats have an ID of 99951.
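The same triage can be done offline against exported threat log records, for example when a batch of logs has been pulled into a SIEM or an incident ticket. The script below is an added example written for this page; it is not Palo Alto Networks code and it does not reimplement the Log Viewer query language. It accepts filter strings in the shape of the queries quoted above (field.value = 'literal' clauses, optionally joined with AND), applies a date range, and maps the two inline exploit threat IDs from step 4 to their injection type. The record layout (sub_type, threat_category, threat_id, severity, action, time_generated) and all sample records are constructed assumptions, not a documented export schema.

```python
"""Offline filtering of exported Prisma Access threat log records.

Added example for this page, not Palo Alto Networks code. The record
field names and the sample records are assumptions modelled on the
query builder fields quoted in the procedure (sub_type.value,
threat_category.value); a real export may use different names.
"""
import re
from datetime import datetime, timezone

# Constructed sample records (not real export data). Threat IDs other than
# 99950/99951 are placeholders chosen for the example.
SAMPLE_RECORDS = [
    {"time_generated": "2024-05-01T10:15:00Z", "sub_type": "spyware",
     "threat_category": "command-and-control", "threat_id": 10001,
     "severity": "critical", "action": "reset-both"},
    {"time_generated": "2024-05-01T10:20:00Z", "sub_type": "vulnerability",
     "threat_category": "info-leak", "threat_id": 30002,
     "severity": "medium", "action": "alert"},
    {"time_generated": "2024-05-02T08:05:00Z", "sub_type": "spyware",
     "threat_category": "inline-cloud-c2", "threat_id": 40003,
     "severity": "high", "action": "reset-both"},
    {"time_generated": "2024-05-02T09:30:00Z", "sub_type": "vulnerability",
     "threat_category": "inline-cloud-exploit", "threat_id": 99950,
     "severity": "high", "action": "reset-server"},
    {"time_generated": "2024-05-03T11:00:00Z", "sub_type": "vulnerability",
     "threat_category": "inline-cloud-exploit", "threat_id": 99951,
     "severity": "high", "action": "alert"},
]

# One clause of the form  field.value = 'literal'
CLAUSE_RE = re.compile(r"^\s*(\w+)\.value\s*=\s*'([^']*)'\s*$")

# Inline exploit threat IDs quoted on this page.
INLINE_EXPLOIT_IDS = {99950: "SQL injection", 99951: "command injection"}


def parse_filter(query):
    """Turn "a.value = 'x' AND b.value = 'y'" into {"a": "x", "b": "y"}.

    Only equality clauses joined by AND are supported; anything else is
    rejected rather than silently matching everything.
    """
    wanted = {}
    for clause in query.split(" AND "):
        match = CLAUSE_RE.match(clause)
        if not match:
            raise ValueError(f"unsupported clause: {clause!r}")
        wanted[match.group(1)] = match.group(2)
    return wanted


def _timestamp(record):
    # Exported timestamps are assumed to be ISO 8601 in UTC ("Z" suffix).
    return datetime.fromisoformat(record["time_generated"].replace("Z", "+00:00"))


def filter_records(records, query, start=None, end=None):
    """Return records matching every clause of `query` inside [start, end]."""
    wanted = parse_filter(query)
    hits = []
    for record in records:
        ts = _timestamp(record)
        if start is not None and ts < start:
            continue
        if end is not None and ts > end:
            continue
        # Compare as strings so threat_id.value = '99950' also works.
        if all(str(record.get(field)) == value for field, value in wanted.items()):
            hits.append(record)
    return hits


def describe_inline_exploit(record):
    """Name the injection type for an inline-cloud-exploit record, else None."""
    if record.get("threat_category") != "inline-cloud-exploit":
        return None
    return INLINE_EXPLOIT_IDS.get(record.get("threat_id"), "unknown inline exploit")


if __name__ == "__main__":
    since = datetime(2024, 5, 2, tzinfo=timezone.utc)
    for rec in filter_records(SAMPLE_RECORDS,
                              "threat_category.value = 'inline-cloud-exploit'",
                              start=since):
        print(rec["time_generated"], rec["threat_id"], describe_inline_exploit(rec))
```

Rejecting unrecognised clauses in parse_filter matters in practice: a filter that fails to parse and quietly matches nothing (or everything) is how inline cloud detections get missed in a review. The category filters ('inline-cloud-c2', 'inline-cloud-exploit') are the reliable way to isolate Inline Cloud Analysis verdicts, since the subtype alone (spyware or vulnerability) also covers signature-based hits.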
