Security Posture Alerts

The following table identifies the alerts that AIOps for NGFW can raise which are related to the security of your platform.
All security posture alerts are free, which means that you do not need a Premium license in order for AIOps for NGFW to raise them.
Alert
Description
Administrator Use of Password Profile
(Free alert)
Password profile is not being used by the administrator.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Antivirus Decoder Actions
(Free alert)
Reset both ends of the connection in an Antivirus profile for ftp, http, smb and smtp.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Antivirus Decoder Wildfire Actions
(Free alert)
Reset both ends of the connection in an Antivirus profile for ftp, http, smb and smtp.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Antivirus Profile Decoder Action
(Free alert)
Wildfire Inline Machine Learning Action for decoders is not configured.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Antivirus Profile Model Action
(Free alert)
Wildfire Inline Machine Learning Action for models is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Antivirus Updates
(Free alert)
Antivirus content updates are not scheduled to download and install on an hourly basis.
Class
: Security Posture
Category
: Continuous Vulnerability Management
In-App Support Ticket
: No
Application In Rule
(Free alert)
Application is not set in a rule.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Application Override
(Free alert)
An application override policy exists in the rulebase.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Application Package Kit File Size
(Free alert)
Maximum Android Package Kit (APK) file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Application Timeouts
(Free alert)
Application timeouts are not configured to the recommended amounts.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Apps and Threat Updates
(Free alert)
Apps and Threat content updates are not configured.
Class
: Security Posture
Category
: Continuous Vulnerability Management
In-App Support Ticket
: No
Apps and Threats Updates App-ID Threshold
(Free alert)
Time delay threshold for installing new App-IDs from content updates is not set.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Devices
In-App Support Ticket
: No
Archive File Size
(Free alert)
Maximum Archive file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Authentication Policy Rule
(Free alert)
Service is not set to "any" in an authentication rule for captive portal.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Authentication Portal
(Free alert)
Authentication Portal is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Authentication Portal SSL/TLS Service
(Free alert)
Authentication Portal SSL/TLS Service Profile is not strong.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Authentication Portal Session Timeout
(Free alert)
Authentication Portal Session timeout is set to a greater value than is recommended.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Automatically Apply Commit Lock
(Free alert)
"Automatically Acquire Commit Lock" is not enabled on the firewall.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Backup Peer IP
(Free alert)
Backup HA1 IP address is not configured on the firewall.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Buffered Log Forwarding
(Free alert)
Buffered Log Forwarding is not enabled on the firewall.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Certificate Profile in Authentication Settings
(Free alert)
Certificate Profile is not configured in Authentication Settings.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Config Sync
(Free alert)
Enable Config Sync is not selected on the firewall.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Configuration Log Setting
(Free alert)
Configuration log settings are not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Credential Phishing Mode
(Free alert)
The credential enforcement mode is not set to check for a valid corporate username.
Class
: Security Posture
Category
: Email and Web Browser Protections
In-App Support Ticket
: No
Credential Theft Visibility
(Free alert)
User credentials are allowed for submission to certain categories. Not all credential submissions are being logged.
Class
: Security Posture
Category
: Email and Web Browser Protections
In-App Support Ticket
: No
DNS Cloud Security
(Free alert)
DNS Security for improved and real-time coverage is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
DNS Sinkhole
(Free alert)
A DNS sinkhole is not set.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Decryption Profile In Rule
(Free alert)
A Decryption policy rule has no Decryption profile attached.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Device Authentication Profile Failed Attempts
(Free alert)
The maximum number of failed attempts is not set for an Authentication profile.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Device Authentication Profile Lockout Time
(Free alert)
The Authentication Profile lockout time is not set.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Disable Forwarding when App-ID Inspection Queue Full
(Free alert)
Forwarding packets exceeding App-ID content inspection queue is enabled but should be disabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Disable Forwarding when TCP Content Inspection Queue Full
(Free alert)
Forwarding segments exceeding TCP content inspection queue is enabled but should be disabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Disable Forwarding when UDP Content Inspection Queue Full
(Free alert)
Forwarding datagrams exceeding UDP content inspection queue is enabled but should be disabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Disable HTTP Partial Response
(Free alert)
HTTP Partial Response is enabled and should be disabled.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Disable TCP Out of Order Traffic Forwarding
(Free alert)
Forwarding TCP out-of-order traffic is enabled and should be disabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Disabled Rules
(Free alert)
Some rules are disabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Enable Accelerated Aging
(Free alert)
Accelerated Aging is not enabled in Session Settings.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Enable Detailed Logging
(Free alert)
Log forwarding is not enabled for all rules.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Enable DoS Flood Protection
(Free alert)
One or more DoS Protection Profile flood thresholds not enabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Enable Forwarding Decrypted Content to WildFire
(Free alert)
Forwarding decrypted content to WildFire is not enabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Enable Rematch Sessions
(Free alert)
Rematch Sessions is not enabled in Session Settings.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Enable User-ID Timeout
(Free alert)
User Identification Timeout is not enabled on the firewall.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Enable Zone Packet Buffer Protection
(Free alert)
"Packet Buffer Protection" is not enabled on each zone.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Existence Of Authentication Sequence
(Free alert)
Secondary authentication is not configured.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Expired Rules
(Free alert)
There are rules with expired non-recurring schedules.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
External Authentication Profile
(Free alert)
The external authentication profile for administrators is not configured.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Failed Attempts in Authentication Settings
(Free alert)
Failed Attempts is not set to 5 or fewer in Authentication Settings.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Flash File Size
(Free alert)
Maximum Flash file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Flood Protection Settings
(Free alert)
Flood Protection Settings not enabled or default threshold values are being used.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Forward Content-Based Critical System Logs
(Free alert)
Log forwarding is not configured for content-based critical system logs.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
GlobalProtect Agent Config App Timeout
(Free alert)
GlobalProtect Agent application timeout is not configured.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Agent Config Enforce GP
(Free alert)
The GlobalProtect Agent is being enforced for all network access.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Gateway Agent Config Access Routes
(Free alert)
The GlobalProtect Gateway Agent is not configured to include all traffic.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Gateway Client Authentication
(Free alert)
GlobalProtect Gateway client is not configured with two-factor authentication.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Gateway Server Authentication
(Free alert)
GlobalProtect Portal server authentication is not strong.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Portal Agent Config Data Collection
(Free alert)
Host Information Profile is not being collected from endpoints.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Portal Agent Config Internal Host Detection
(Free alert)
GlobalProtect Portal Agent Internal Host Detection is not configured.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
GlobalProtect Portal Agent Config User Credentials
(Free alert)
User credentials are saved in the GlobalProtect Portal Agent configuration.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
GlobalProtect Portal Client Authentication
(Free alert)
The GlobalProtect Portal client does not have two-factor authentication configured.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Portal Server Authentication
(Free alert)
GlobalProtect Portal server authentication is not strong.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
GlobalProtect Gateway Satellite Tunnel Configuration
(Free alert)
GP Gateway Satellite Tunnel Configuration is not configured for maximum security.
Class
: Security Posture
Category
: Controlled Access Based on Need to Know
In-App Support Ticket
: No
GlobalProtect Gateway Satellite Tunnel Monitoring
(Free alert)
GlobalProtect Gateway Satellite Tunnel Monitoring is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
GlobalProtect Portal Satellite OCSP Responder
(Free alert)
GP Portal Satellite OCSP Responder not enabled.
Class
: Security Posture
Category
: Controlled Use of Administrative Privileges
In-App Support Ticket
: No
GlobalProtect Portal Satellite Trusted Root CA
(Free alert)
GlobalProtect Portal missing Satellite Trusted Root CA.
Class
: Security Posture
Category
: Controlled Use of Administrative Privileges
In-App Support Ticket
: No
Grayware Files Logging
(Free alert)
Reporting/Logging is not set for Grayware files.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Group Mapping Included Groups
(Free alert)
Group Include List is not configured in Group Mapping settings.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Devices
In-App Support Ticket
: No
HA Timer Recommended
(Free alert)
HA Timer is not set to recommended settings.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
HTTP2 Inspection
(Free alert)
HTTP2 traffic inspection is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
High Availability Encryption
(Free alert)
HA1 Encryption is not set.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Heartbeat Backup
(Free alert)
Ensure Heartbeat Backup option is set appropriately.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Interface
(Free alert)
HA3 Interface is not configured for Active-Active.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Keep-Alive
(Free alert)
HA2 Keep-alive is not enabled.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Keep-Alive Action
(Free alert)
HA2 Keep-alive Action is not set to Log Only.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Link Monitoring
(Free alert)
Link Group not configured for Link Monitoring.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Link or Path Monitoring
(Free alert)
Neither Link nor Path Monitoring is enabled.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Path Monitoring
(Free alert)
Path Group not configured for Path Monitoring.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Session Owner Selection
(Free alert)
"Session Owner Selection" is not set to "First Packet".
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
High Availability Session Synchronization
(Free alert)
HA2 Session Synchronization is not enabled.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
IPSec Crypto Profile Recommended Authentication
(Free alert)
IPSec Crypto profile is not using SHA256 or higher authentication.
Class
: Security Posture
Category
: Controlled Access Based on Need to Know
In-App Support Ticket
: No
IPSec Crypto Profile Recommended Encryption
(Free alert)
IPSec Crypto profile is not using AES encryption.
Class
: Security Posture
Category
: Data Protection
In-App Support Ticket
: No
IPSec Crypto Profile Recommended Protocol
(Free alert)
IPSec Crypto profile is not using ESP protocol.
Class
: Security Posture
Category
: Controlled Access Based on Need to Know
In-App Support Ticket
: No
Idle Timeout in Authentication Settings
(Free alert)
Idle Timeout is not set to 10 minutes or less in Authentication Settings.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Inbound High Risk IP Address Feed
(Free alert)
Inbound traffic from known High-Risk IP Addresses is not being blocked.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Inbound Malicious IP Address Feed
(Free alert)
There is no rule to block/alert on known inbound malicious traffic.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Include Networks
(Free alert)
Included networks are not defined.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Devices
In-App Support Ticket
: No
Interzone Default Rule Logging
(Free alert)
Logging is not enabled for a default interzone rule.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Intrazone Default Rule Logging
(Free alert)
Logging is not enabled for a default intrazone rule, or an IPS profile is not attached.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Jar File Size
(Free alert)
Maximum JAR file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Known Bad URL Categories
(Free alert)
Known bad URL categories are not being blocked.
Class
: Security Posture
Category
: Email and Web Browser Protections
In-App Support Ticket
: No
LDAP Profile SSL/TLS Secured Connection
(Free alert)
SSL/TLS secure connection is not enabled in the LDAP profile.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
LDAP Profile Verify Server Certificates
(Free alert)
The LDAP Profile Server Certificate is not set to be verified before SSL sessions begin.
Class
: Security Posture
Category
: Controlled Access Based on the Need to Know
In-App Support Ticket
: No
LDAP Server Redundancy
(Free alert)
There is no redundancy for LDAP servers configured.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Linux File Size
(Free alert)
Maximum Linux file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Lockout Time in Authentication Settings
(Free alert)
Lockout Time is not set to 30 minutes in Authentication Settings.
Class
: Security Posture
Category
: Account Monitoring and Control
In-App Support Ticket
: No
Log Forwarding Threat Settings
(Free alert)
Log Forwarding not configured for Threat Logs.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Forwarding Traffic Settings
(Free alert)
Log Forwarding not configured for Traffic Logs.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Forwarding WildFire Settings
(Free alert)
Log Forwarding not configured for WildFire Logs.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Setting Critical Severity
(Free alert)
Log setting for system logs of "Critical" severity not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Setting High Severity
(Free alert)
Log setting for system logs of "High" severity not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Setting Informational Severity
(Free alert)
Log setting for system logs of "Informational" severity not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Setting Low Severity
(Free alert)
Log setting for system logs of "Low" severity not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log Setting Medium Severity
(Free alert)
Log setting for system logs of "Medium" severity not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Log URL Requests
(Free alert)
URL requests are not being logged.
Class
: Security Posture
Category
: Email and Web Browser Protections
In-App Support Ticket
: No
Logging At Session Start
(Free alert)
Logging is enabled at session start.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Logging on High DP Load
(Free alert)
Logging on High DP Load is not enabled.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Login Banner Configuration
(Free alert)
Login Banner is not configured on the firewall.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
MS-Office File Size
(Free alert)
Maximum Microsoft Office file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Mac OS X File Size
(Free alert)
Maximum Mac OS X file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Minimum Password Complexity Settings
(Free alert)
Set minimum password complexity.
Class
: Security Posture
Category
: Controlled Use of Administrative Privileges
In-App Support Ticket
: No
NTP Server Addresses
(Free alert)
Configure NTP Server Address.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
NTP Server Authentication
(Free alert)
Configure NTP Server Authentication.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
No Decryption Settings
(Free alert)
Decryption settings are not configured for maximum security.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Outbound High Risk IP Address Feed
(Free alert)
Outbound traffic to known High-Risk IP Addresses is not being blocked.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Outbound Malicious IP Address Feed
(Free alert)
There is no rule to block/alert on known outbound malicious traffic.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Packet Based Attack Protection Settings
(Free alert)
Packet Based Attack Protection Settings not enabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Packet Buffer Protection Global Setting
(Free alert)
Packet Buffer Protection global settings are not enabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Passive Link State Auto
(Free alert)
Passive Link State is not set to Auto on the firewall.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Permitted IP Address List
(Free alert)
Permitted IP Addresses is not enabled on the firewall.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Policy Rule Hit Count
(Free alert)
Rule Hit Count for policy rules is not enabled.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Portable Executable File Size
(Free alert)
Maximum Portable Executable file size is larger than recommended.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
QUIC App Deny
(Free alert)
QUIC application is not denied.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Reconnaissance Protection Settings
(Free alert)
Reconnaissance Protection Settings not enabled.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Restrict Network Connectivity Services on Data Interface
(Free alert)
HTTP/Telnet are not disabled for Network Connectivity Services (data interface).
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Restrict Network Connectivity Services on Mgmt Interface
(Free alert)
Disable HTTP/Telnet on the management interface.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Rule Description
(Free alert)
The description is not set for all rules.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Rule For New App-IDs
(Free alert)
A rule does not exist for new App-IDs.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
SNMP Trap Community String
(Free alert)
SNMP Trap "Community" string is set to default string ("public" or "private").
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
SNMP Trap in Server Profile
(Free alert)
SNMP version is not set to "V3" on server profile.
Class
: Security Posture
Category
: Controlled Use of Administrative Privileges
In-App Support Ticket
: No
SSL Forward Proxy
(Free alert)
SSL Forward Proxy options are not configured for maximum security.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
SSL Inbound Inspection
(Free alert)
SSL Inbound Inspection options are not configured for maximum security.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
SSL Protocol Settings
(Free alert)
SSL Protocol Setting options are not configured for maximum security.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Script File Size
(Free alert)
Maximum Script file size is larger than recommended.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Secure Configuration - Source and Destination
(Free alert)
Source or Destination is set to "any".
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Server Monitoring Protocol for User-ID
(Free alert)
WinRM protocol is not enabled for server monitoring.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Server Monitoring Redundancy
(Free alert)
Not enough User-ID monitored servers configured for redundancy.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Server Response Inspection
(Free alert)
Server Response Inspection is disabled for some rules.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
Service In Rule
(Free alert)
The service is not specified in a rule.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Services
In-App Support Ticket
: No
Service In Rule With App-ID
(Free alert)
Service is not set in a rule with App-ID.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Services
In-App Support Ticket
: No
Session Information Logging
(Free alert)
The session details are not available in the WildFire analysis report. Session information contains details on the source and destination addresses to track to remediate the system, time of system events, identification of firewalls that discovered a threat, and the application on which the threat was identified.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Session Timeout Captive Portal
(Free alert)
Session Timeout Captive Portal is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Defaults
(Free alert)
Session Timeout Default is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Discard Defaults
(Free alert)
Session Timeout Discard Default is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Discard TCP
(Free alert)
Session Timeout Discard TCP is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Discard UDP
(Free alert)
Session Timeout Discard UDP is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout ICMP
(Free alert)
Session Timeout ICMP is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Scan
(Free alert)
Session Timeout Scan is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout TCP
(Free alert)
Session Timeout TCP is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout TCP Half Closed
(Free alert)
Session Timeout TCP Half Closed is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout TCP Handshake
(Free alert)
Session Timeout TCP Handshake is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout TCP Init
(Free alert)
Session Timeout TCP Init is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout TCP Time Wait
(Free alert)
Session Timeout TCP Time Wait is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout UDP
(Free alert)
Session Timeout UDP is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Session Timeout Unverified RST
(Free alert)
Session Timeout Unverified RST is not set to the default value.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Set FQDN Refresh Time
(Free alert)
Minimum FQDN Refresh Time is not set on the firewall.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Set Server Log Monitor Frequency
(Free alert)
Server Log Monitor Frequency value is not set.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Set User-ID Timeout
(Free alert)
User Identification Timeout is not set.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Severity Low And Informational In Anti-Spyware Profile
(Free alert)
Low and Informational severities for the Anti-Spyware profile are not set to default.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Severity Low And Informational In Vulnerability Profile
(Free alert)
Low and Informational severities in the Vulnerability profile are not set to default.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Strict Anti-Spyware Profile
(Free alert)
An Anti-Spyware profile is not strict.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
Strict File Blocking Profile
(Free alert)
The File Blocking profile is not strict.
Class
: Security Posture
Category
: Email and Web Browser Protections
In-App Support Ticket
: No
Strict Vulnerability Protection Profile
(Free alert)
A Vulnerability Protection profile is not strict.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
Syslog Server Profile Transport Setting
(Free alert)
Syslog Server Profile "Transport" is not set to "SSL".
Class
: Security Posture
Category
: Controlled Access Based on Need to Know
In-App Support Ticket
: No
Tag Sanctioned Applications
(Free alert)
No applications are tagged as "Sanctioned".
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
URL Filtering Categories Logging
(Free alert)
Traffic is not being logged for URL categories that are allowed.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Unique Hostname
(Free alert)
Unique hostnames for each networking device are not configured.
Class
: Security Posture
Category
: Maintenance, Monitoring and Analysis of Audit Logs
In-App Support Ticket
: No
Update Server Identity
(Free alert)
Enable Verify Server Identity.
Class
: Security Posture
Category
: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
In-App Support Ticket
: No
User-ID ACL Include List
(Free alert)
User-ID ACL Include List is not configured in the zone.
Class
: Security Posture
Category
: Controlled Access Based on Need to Know
In-App Support Ticket
: No
User-ID Certificate Profile
(Free alert)
Certificate profile is not configured under User-ID connection security settings.
Class
: Security Posture
Category
: Limitation and Control of Network Ports, Protocols, and Devices
In-App Support Ticket
: No
User-ID Probing
(Free alert)
WMI and/or NetBIOS probing is enabled and should be disabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
WildFire Updates
(Free alert)
WildFire content updates are not set to be downloaded and installed every minute.
Class
: Security Posture
Category
: Continuous Vulnerability Management
In-App Support Ticket
: No
Wildfire Analysis
(Free alert)
Not all file types are being sent to WildFire.
Class
: Security Posture
Category
: Malware Defenses
In-App Support Ticket
: No
XFF in User-ID
(Free alert)
XFF (X-Forwarded-For header) is not enabled.
Class
: Security Posture
Category
: Palo Alto Networks Recommended
In-App Support Ticket
: No
Zone Protection Profile
(Free alert)
Zone Protection Profile is not configured.
Class
: Security Posture
Category
: Boundary Defense
In-App Support Ticket
: No
