Visibility on Custom Threat Names
Table of Contents
10.0 (EoL)
Expand all | Collapse all
-
- Automatic Content Updates Through Offline Panorama
- Enhanced Authentication for Dedicated Log Collectors and WildFire Appliances
- Syslog Forwarding Using Ethernet Interfaces
- Increased Configuration Size for Panorama
- Access Domain Enhancements for Multi-Tenancy
- Enhanced Performance for Panorama Query and Reporting
- Log Query Debugging
- Configurable Key Limits in Scheduled Reports
- Multiple Plugin Support for Panorama
End-of-Life (EoL)
Visibility on Custom Threat Names
Custom spyware and vulnerability threat objects are now
written on the firewall logging and reporting.
You can create custom spyware and vulnerability
threat objects with a custom Threat ID on Panorama on a per-device
group level and pushed to managed firewall. In PAN-OS 10.0, maps
custom Threat IDs to the corresponding custom threat object name
on the firewall and enables the firewall to generate a threat log
populated with the configured custom Threat ID. By mapping the custom
Threat IDs to the threat object name on the firewall, you provide enhanced
monitoring and visibility in to your threat data by allowing you
to correlate network events with specific custom threat objects.
For
this example, we will configure a custom vulnerability object.
- Configure the custom vulnerability object.
- Selectand select the appropriateObjectsCustom ObjectsVulnerabilityDevice Group.
- Adda new custom vulnerability object.
- Enter the customThreat ID.
- Enter a descriptiveNamefor the custom vulnerability object.
- Select theSeverityto indicate the seriousness of the threat.
- Select theDirectionto indicate whether the threat is assessed from client to server, server to client, or both.
- Configure any additional settings for the custom vulnerability object.
- Select theSignaturestab andAdda new signature for the custom vulnerability object.
- ClickOKto save your configuration changes.
- ClickCommitandCommit and Pushyour configuration changes.
- After your firewalls have processed traffic, selectand export the threat log as a CSV.MonitorThreat
- Navigate to theThreat/Content IDfield to review whether a network threat incident was logged against the custom vulnerability object you created. See Threat Log Fields for more information on the threat syslog field descriptions.