>
    Strata Copilot
    Learn about Security Alerts
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. Device Security Administration Guide
    4. Security Alert Overview
    5. Learn about Security Alerts
    Download PDF
    Device Security

    Learn about Security Alerts

    Table of Contents

    Learn about Security Alerts

    There are several ways to learn that a security alert occurred.
    Where Can I Use This?What Do I Need?
    • Device Security (Managed by Strata Cloud Manager)
    • (Legacy) IoT Security (Standalone portal)
    One of the following subscriptions:
    • Device Security subscription for an advanced Device Security product (Enterprise, OT, or Medical)
    • Device Security X subscription
    There are several ways to learn about security alerts. Device Security can automatically notify you by text and email, depending on the methods you enable in your account preferences. Even if you don’t have alert notifications enabled, you might still be notified when another user assigns you an alert for investigation.
    You can also learn of alerts in the Device Security portal itself by checking the Alerts section on the Security Dashboard, hovering over device names on the Devices page, and by viewing the Security Alerts page.
    A way to learn about alerts in the Device Security portal is in the Alerts section on the Security Dashboard. You can organize the alerts on display by severity (low, medium, high, critical), status (detected, investigating, remediating, resolved), device category (for example: audio streaming, IT server, point-of-sale system), or alert type (for example: security risk, unsecure protocol, user policy). When viewing by severity, the numbers in the Alerts column are clickable. Clicking one of them opens the All Alerts page with a filter applied to show only the alerts matching the item you clicked.
    When you hover your cursor over a device name on the Devices page, the Device Security portal displays a pop-up panel with information about the device, including a list of alerts if there are any. Clicking one of the alert names opens the Alert Details page for it.
    Click the name of an alert to open the Alert Details page in a new browser window.

    Security Alert and System Alert Notification

    In addition to viewing security alerts in the Device Security portal or being notified to investigate an alert, Device Security also sends email and text notifications automatically when events trigger them. It does this for two types of alerts:
    • Security Alerts – These alerts pertain to the devices Device Security is monitoring and are triggered by behavioral changes that indicate a potential attack. Here's an example of a security alert notification:
      Palo Alto Networks IoT Policy Alert for Super Micro Computer device: (Warning) SSH User
          Authentication Brute Force. This event indicates a brute force attack through multiple
          login attempts to an SSH server.
    • System Alerts – These alerts pertain to next-generation firewalls. Currently only an outdated application content package triggers a system alert notification.
    Device Security sends these notifications after a user with owner privileges enables them to be sent to all owners (enabled by default) or adds users to a list for notification on AlertsSecurity Alert Notifications.
    The owner can add existing admin users by choosing them from a drop-down that appears. These users receive notifications by email or text or both depending on their user preferences. The owner can also type in the individual email addresses or distribution lists of users whose email addresses share the same domain of one of the owners. (Device Security rejects any address with a domain that's not shared by an owner.) These users receive notifications by email. If an owner disables Send to all the owners, then only those in the email lists will receive notifications.

    © 2026 Palo Alto Networks, Inc. All rights reserved.