Monitoring
Introduction to tools and tasks that help you monitor web activity on your
network.
Where can I use this? | What do I need?
- Prisma Access (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Panorama)
- NGFW (Managed by Strata Cloud Manager)
- NGFW (Managed by PAN-OS or Panorama)
Palo Alto Networks firewalls and management platforms provide multiple ways of monitoring
web activity on your network. URL filtering logs, reports, and dashboards offer
high-level and detailed visibility. For example, you can examine URL filtering logs for
details about a specific web session or view a visual summary of threats blocked by
Advanced URL Filtering and other services in the Application Command Center (ACC) or
Strata Command Center. You can filter and
query logs and dashboards to focus on the data that matters most. You can also generate,
schedule, and share reports.
URL filtering logs display comprehensive information about web traffic controlled by your
Security policy rules. These logs are a data source for the dashboards, reports, and
other views that deliver actionable insights. The HTTP header logging and log
container page only features give you control over log detail and volume,
respectively. HTTP header logging increases the granularity of logs, while logging
only the main page users access reduces the number of logs generated.
URL filtering logs might not be generated if traffic is blocked
by an App-ID rule rather than a URL category match. For comprehensive monitoring, review
application usage and other statistics in addition to URL filtering and URL-specific
data.
Regular monitoring of web activity is essential whether you're
getting started with URL filtering or
maintaining an established URL filtering policy. Monitoring web activity helps you
understand user behavior, fine-tune web access rules, and take action on suspicious
activity. For example, you might notice a spike in attempts to access a blocked website.
This could indicate improper web usage, a security threat, or that a legitimate website
is being blocked inadvertently. Insights from monitoring tools can help you focus
investigations and take appropriate action. The tools described in this chapter help
your team:
- Understand user behavior and what's happening on your network. What
  websites and web applications are your users accessing? How frequently?
- Optimize policies and other configuration components. Verify that Security
  policy rules, URL categorization, and configurations that impact URL filtering
  work as expected. What rules need modification? Do you need to modify website
  access for a particular user or group or in general? Do you need to make
  exceptions to the enforcement of a particular URL category?
- Troubleshoot issues. Diagnose and resolve issues with website access, URL
  filtering response page displays, and incorrect URL categorization. You can also
  look at other data points and summaries to focus an investigation.
- Identify known or unknown threats. What websites or web applications were
  accessed and blocked? What other actions might need to be taken?
- Ensure compliance. Make sure users adhere to regulatory or business
  policies, such as acceptable web usage policies. You can filter web activity by
  users and create or modify Security policy rules.
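The spike in attempts to access a blocked website, mentioned above, can be checked offline against exported log rows. The following is an added example, not Palo Alto Networks code: the CSV columns (time, user, url, action), the action values, and the thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from statistics import median

def build_sample_csv():
    """Constructed sample rows; column names and action values are assumptions."""
    # (hour, host, action, users cycled over the requests, number of requests)
    plan = [
        (9, "files.example.net", "block", ["alice"], 2),
        (10, "files.example.net", "block", ["bob"], 3),
        (11, "files.example.net", "block", ["alice", "bob", "carol", "dan"], 40),
        (12, "files.example.net", "block", ["carol"], 2),
        (9, "ads.example.org", "block", ["erin"], 4),
        (10, "ads.example.org", "block", ["erin"], 5),
        (11, "docs.example.com", "alert", ["alice", "bob"], 60),
    ]
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["time", "user", "url", "action"])
    for hour, host, action, users, n in plan:
        for i in range(n):
            writer.writerow([f"2024-05-06 {hour:02d}:{i % 60:02d}:00",
                             users[i % len(users)], f"{host}/path{i}", action])
    return out.getvalue()

def find_block_spikes(log_text, factor=5, min_count=20):
    """Return [(host, hour, blocked, distinct_users)] for hours whose blocked count
    is >= min_count and >= factor x the median of that host's other logged hours.
    Hours with no blocked requests produce no rows, so they are not in the baseline."""
    counts = defaultdict(Counter)   # host -> hour -> blocked requests
    users = defaultdict(set)        # (host, hour) -> users seen
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "block":
            continue                # only blocked requests count toward a spike
        host = row["url"].split("/", 1)[0].lower()
        hour = row["time"][:13]     # "YYYY-MM-DD HH"
        counts[host][hour] += 1
        users[(host, hour)].add(row["user"])
    spikes = []
    for host, per_hour in counts.items():
        for hour, n in per_hour.items():
            others = [c for h, c in per_hour.items() if h != hour]
            baseline = max(median(others), 1) if others else 1
            if n >= min_count and n >= factor * baseline:
                spikes.append((host, hour, n, len(users[(host, hour)])))
    return sorted(spikes)

if __name__ == "__main__":
    print(find_block_spikes(build_sample_csv()))
```

The distinct-user count in each result helps decide which explanation to investigate first: one user repeatedly hitting a blocked site reads differently from many users hitting it in the same hour.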