Strata Copilot
    Security Lifecycle Review (SLR)
    : Security Lifecycle Review (SLR) Updates
    Focus
    Download PDF
    Focus
    1. Home
    2. Best Practices
    3. Security Lifecycle Review (SLR)
    4. Getting Started With Security Lifecycle Review (SLR)
    5. Security Lifecycle Review (SLR) Updates
    Download PDF

    Security Lifecycle Review (SLR)

    Security Lifecycle Review (SLR) Updates

    Table of Contents

    Security Lifecycle Review (SLR) Updates

    See what’s new, and the issues we’re working on to make Security Lifecycle Review (SLR) even better.
    Here’s what’s new in Security Lifecycle Review (SLR), and the issues we’re working on to make your reports even better.

    What’s New

    Learn about new SLR features, and how they can give you a view into your organization’s risk exposure.
    ReleaseNew Features
    August 2024
    • All updates supported to PAN-OS 11.2 Quasar and earlier when configured properly.
    • Adv DNS Security features , including DNS Request and Response protection
    • Advanced URL Filtering support for additional Categories (scanning, real-time)
    • PAN-OS 11.1 Cosmos—Adv Threat Prevention to showcase Inline deep learning Injection Prevention and additional C2 Prevention models (Cobalt Strike, Encrypted connections, Empire, and more).
    • Updates to SaaS–based Applications to reference the Next-Gen CASB reports.
    • Updated look and feel for the SLR Cyber Threat Assessment
    • Bug fixes, including performance enhancements.
    • Added more WW regions for the IoT Security section of the SLR.
    February 2023
    • PAN-OS 11.0 Nova release—Adv Threat Prevention features PAN-OS 11.0 Nova (Injection and Cobalt Strike prevention).
    • Advanced URL Filtering Updates—Various updates including regions, new categories, and serial number specific data.
    • IoT Security—New releases included more features.
    • Bug fixes, including performance enhancements.
    June 2021
    The section of the report that was previously designated as URL Activity has been relabeled as Advanced URL Filtering Analysis to reflect statistics data from the new real-time URL analysis security service, and now includes additional network activity metrics and threat trends. The updated section provides more details and a centralized view of your URL and domain statistics to help you assess the attack surface and specific attack vectors that make your organization vulnerable to web threats.
    May 2020
    A new navigation bar gives you easy access to SLR report features and customization options:
    • SLR Help Resources—Launch the guided report tour, or access the Security Lifecycle Review Quick Start Guide.
    • Pagination—Add or remove pages or page numbers, or skip to a specific page in the report.
    • PDF Report—Download the report in PDF format.
    • Send Feedback—Report issues directly from the app.
    August 2019We’ve added a new section to the SLR report! DNS is an often overlooked attack vector—advanced attackers in particular use DNS-based techniques like DNS tunneling and domain generation algorithms (DGAs) to exfiltrate data and set up command-and-control (C2) communication channels. The new DNS Security Analysis section gives you visibility in to threats hidden within DNS traffic. Learn more about what’s in an SLR report or create a new SLR report now.
    April 2019
    New Threat Data
    The Threats section of an SLR report summarizes your organization’s risk exposure by breaking down the attacks detected in your network. Threat data now shows you:
    Keep reading to learn more about each of these features...
    Malware That Was First Detected at the Endpoint
    Get visibility into the malware on your network that was first found on an endpoint. This shows you malware that might go undetected without an endpoint security solution in place, or without a solution that works consistently with your network security policy.
    The availability of information on malware detected on the endpoint is based on the products deployed and the malware found in the network.
    Real-World Context for Threats
    AutoFocus tags show you when malware indicates a larger threat—like a targeted campaign or the activity of a specific malicious actor. AutoFocus tags in your SLR report give you context for the malicious activity on your network, and can help you to think about where to focus both prevention and remediation efforts.
    The Countries Threats Are Targeting
    Now you can see the geographic locations that are most targeted by the malware found on your network.

    Known Issues

    We’re working on the following open issues to improve your SLR experience:
    IssueDescription
    WildFire data is not always accurate.
    Verify that WildFire is active and enabled, and that logs are triggered. If not, email slr_support@paloaltonetworks.com.
    The application name is not readable.
    If the application names are not readable when initially creating the SLR, reload the page. This issue is being addressed in a future release.

    Addressed Issues

    The following issues have been addressed in SLR.
    IssueDescription
    Fixed in August 2024
    Network Bandwidth consumption PB shown in SLR report sections. This was a PAN-OS bug (issue was also in the logs) and has been resolved. Upgrade and run the SLR again.
    FIXED on March 5, 2019
    SLR does not include summary details for unknown malware detected by WildFire.
    As of March 5, 2019, SLR reports include summary details for malware that was unknown before WildFire detection. See the Threats section in an SLR report for details on unknown malware found in your network.

    © 2025 Palo Alto Networks, Inc. All rights reserved.