Monitor > Automated Correlation Engine > Correlated Events

Home

Location

Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base

Home
PAN-OS
PAN-OS Web Interface Help
Monitor
Monitor > Automated Correlation Engine
Monitor > Automated Correlation Engine > Correlated Events

Last Updated:

Mon Mar 13 22:54:57 UTC 2023

Current Version:

10.1

Version 11.0
Version 10.2
Version 10.1
Version 10.0 (EoL)
Version 9.1

Table of Contents

Filter

Web Interface Basics

Firewall Overview

Features and Benefits

Last Login Time and Failed Login Attempts

Message of the Day

Task Manager

Language

Alarms

Commit Changes

Save Candidate Configurations

Revert Changes

Lock Configurations

Global Find

Threat Details

AutoFocus Intelligence Summary

Configuration Table Export

Change Boot Mode

Dashboard

Dashboard Widgets

ACC

A First Glance at the ACC

ACC Tabs

ACC Widgets

ACC Actions

Working with Tabs and Widgets

Working with Filters—Local Filters and Global Filters

Monitor

Monitor > Logs

Log Types

Log Actions

Monitor > External Logs

Monitor > Automated Correlation Engine

Monitor > Automated Correlation Engine > Correlation Objects

Monitor > Automated Correlation Engine > Correlated Events

Monitor > Packet Capture

Packet Capture Overview

Building Blocks for a Custom Packet Capture

Enable Threat Packet Capture

Monitor > App Scope

App Scope Overview

App Scope Summary Report

App Scope Change Monitor Report

App Scope Threat Monitor Report

App Scope Threat Map Report

App Scope Network Monitor Report

App Scope Traffic Map Report

Monitor > Session Browser

Monitor > Block IP List

Block IP List Entries

View or Delete Block IP List Entries

Monitor > Botnet

Botnet Report Settings

Botnet Configuration Settings

Monitor > PDF Reports

Monitor > PDF Reports > Manage PDF Summary

Monitor > PDF Reports > User Activity Report

Monitor > PDF Reports > SaaS Application Usage

Monitor > PDF Reports > Report Groups

Monitor > PDF Reports > Email Scheduler

Monitor > Manage Custom Reports

Monitor > Reports

Policies

Policy Types

Move or Clone a Policy Rule

Audit Comment Archive

Rule Usage Hit Count Query

Policies > Security

Security Policy Overview

Building Blocks in a Security Policy Rule

Creating and Managing Policies

Overriding or Reverting a Security Policy Rule

Applications and Usage

Security Policy Optimizer

Policies > NAT

NAT Policies General Tab

NAT Original Packet Tab

NAT Translated Packet Tab

NAT Active/Active HA Binding Tab

NAT Target Tab

Policies > QoS

Policies > Policy Based Forwarding

Policy Based Forwarding General Tab

Policy Based Forwarding Source Tab

Policy Based Forwarding Destination/Application/Service Tab

Policy Based Forwarding Forwarding Tab

Policy Based Forwarding Target Tab

Policies > Decryption

Decryption General Tab

Decryption Source Tab

Decryption Destination Tab

Decryption Service/URL Category Tab

Decryption Options Tab

Decryption Target Tab

Policies > Network Packet Broker

Network Packet Broker General Tab

Network Packet Broker Source Tab

Network Packet Broker Destination Tab

Network Packet Broker Application/Service/Traffic Tab

Network Packet Broker Path Selection Tab

Network Packet Broker Policy Optimizer Rule Usage

Policies > Tunnel Inspection

Building Blocks in a Tunnel Inspection Policy

Policies > Application Override

Application Override General Tab

Application Override Source Tab

Application Override Destination Tab

Application Override Protocol/Application Tab

Application Override Target Tab

Policies > Authentication

Building Blocks of an Authentication Policy Rule

Create and Manage Authentication Policy

Policies > DoS Protection

DoS Protection General Tab

DoS Protection Source Tab

DoS Protection Destination Tab

DoS Protection Option/Protection Tab

DoS Protection Target Tab

Policies > SD-WAN

SD-WAN General Tab

SD-WAN Source Tab

SD-WAN Destination Tab

SD-WAN Application/Service Tab

SD-WAN Path Selection Tab

SD-WAN Target Tab

Objects

Move, Clone, Override, or Revert Objects

Move or Clone an Object

Override or Revert an Object

Objects > Addresses

Objects > Address Groups

Objects > Regions

Objects > Dynamic User Groups

Objects > Applications

Applications Overview

Actions Supported on Applications

Defining Applications

Objects > Application Groups

Objects > Application Filters

Objects > Services

Objects > Service Groups

Objects > Tags

Create Tags

View Rulebase as Groups

Move Rules in Group to Different Rulebase or Device Group

Change Group of All Rules

Move All Rules in Group

Delete All Rules in Group

Clone All Rules in Group

Manage Tags

Objects > Devices

Objects > External Dynamic Lists

Objects > Custom Objects

Objects > Custom Objects > Data Patterns

Data Pattern Settings

Syntax for Regular Expression Data Patterns

Regular Expression Data Pattern Examples

Objects > Custom Objects > Spyware/Vulnerability

Objects > Custom Objects > URL Category

Objects > Security Profiles

Actions in Security Profiles

Objects > Security Profiles > Antivirus

Objects > Security Profiles > Anti-Spyware Profile

Objects > Security Profiles > Vulnerability Protection

Objects > Security Profiles > URL Filtering

URL Filtering General Settings

URL Filtering Categories

URL Filtering Settings

User Credential Detection

HTTP Header Insertion

URL Filtering Inline ML

Objects > Security Profiles > File Blocking

Objects > Security Profiles > WildFire Analysis

Objects > Security Profiles > Data Filtering

Objects > Security Profiles > DoS Protection

Objects > Security Profiles > Mobile Network Protection

Objects > Security Profiles > SCTP Protection

Objects > Security Profile Groups

Objects > Log Forwarding

Objects > Authentication

Objects > Decryption Profile

Decryption Profile General Settings

Settings to Control Decrypted Traffic

Settings to Control Traffic that is not Decrypted

Settings to Control Decrypted SSH Traffic

Objects > Packet Broker Profile

Objects > SD-WAN Link Management

Objects > SD-WAN Link Management > Path Quality Profile

Objects > SD-WAN Link Management > SaaS Quality Profile

Objects > SD-WAN Link Management > Traffic Distribution-Profile

Objects > SD-WAN Link Management > Error Correction Profile

Objects > Schedules

Network

Network > Interfaces

Firewall Interfaces Overview

Common Building Blocks for Firewall Interfaces

Common Building Blocks for PA-7000 Series Firewall Interfaces

Tap Interface

HA Interface

Virtual Wire Interface

Virtual Wire Subinterface

PA-7000 Series Layer 2 Interface

PA-7000 Series Layer 2 Subinterface

PA-7000 Series Layer 3 Interface

Layer 3 Interface

Layer 3 Subinterface

Log Card Interface

Log Card Subinterface

Decrypt Mirror Interface

Aggregate Ethernet (AE) Interface Group

Aggregate Ethernet (AE) Interface

Network > Interfaces > VLAN

Network > Interfaces > Loopback

Network > Interfaces > Tunnel

Network > Interfaces > SD-WAN

Network > Zones

Security Zone Overview

Building Blocks of Security Zones

Network > VLANs

Network > Virtual Wires

Network > Virtual Routers

General Settings of a Virtual Router

Static Routes

Route Redistribution

RIP

RIP Interfaces Tab

RIP Timers Tab

RIP Auth Profiles Tab

RIP Export Rules Tab

OSPF

OSPF Areas Tab

OSPF Auth Profiles Tab

OSPF Export Rules Tab

OSPF Advanced Tab

OSPFv3

OSPFv3 Areas Tab

OSPFv3 Auth Profiles Tab

OSPFv3 Export Rules Tab

OSPFv3 Advanced Tab

BGP

Basic BGP Settings

BGP General Tab

BGP Advanced Tab

BGP Peer Group Tab

BGP Import and Export Tabs

BGP Conditional Adv Tab

BGP Aggregate Tab

BGP Redist Rules Tab

IP Multicast

Multicast Rendezvous Point Tab

Multicast Interfaces Tab

Multicast SPT Threshold Tab

Multicast Source Specific Address Space Tab

Multicast Advanced Tab

ECMP

ECMP Settings

More Runtime Stats for a Virtual Router

Routing Tab

RIP Tab

BGP Tab

Multicast Tab

BFD Summary Information Tab

More Runtime Stats for a Logical Router

Routing Stats for a Logical Router

BGP Stats for a Logical Router

Network > Routing > Logical Routers

General Settings of a Logical Router

Static Routes for a Logical Router

BGP Routing for a Logical Router

Network > Routing > Routing Profiles > BGP

Network > IPSec Tunnels

IPSec VPN Tunnel Management

IPSec Tunnel General Tab

IPSec Tunnel Proxy IDs Tab

IPSec Tunnel Status on the Firewall

IPSec Tunnel Restart or Refresh

Network > GRE Tunnels

GRE Tunnels

Network > DHCP

DHCP Overview

DHCP Addressing

DHCP Server

DHCP Relay

DHCP Client

Network > DNS Proxy

DNS Proxy Overview

DNS Proxy Settings

Additional DNS Proxy Actions

Network > QoS

QoS Interface Settings

QoS Interface Statistics

Network > LLDP

LLDP Overview

Building Blocks of LLDP

Network > Network Profiles

Network > Network Profiles > GlobalProtect IPSec Crypto

Network > Network Profiles > IKE Gateways

IKE Gateway Management

IKE Gateway General Tab

IKE Gateway Advanced Options Tab

IKE Gateway Restart or Refresh

Network > Network Profiles > IPSec Crypto

Network > Network Profiles > IKE Crypto

Network > Network Profiles > Monitor

Network > Network Profiles > Interface Mgmt

Network > Network Profiles > Zone Protection

Building Blocks of Zone Protection Profiles

Flood Protection

Reconnaissance Protection

Packet Based Attack Protection

IP Drop

TCP Drop

ICMP Drop

IPv6 Drop

ICMPv6 Drop

Protocol Protection

Ethernet SGT Protection

Network > Network Profiles > QoS

Network > Network Profiles > LLDP Profile

Network > Network Profiles > BFD Profile

BFD Overview

Building Blocks of a BFD Profile

View BFD Summary and Details

Network > Network Profiles > SD-WAN Interface Profile

Device

Device > Setup

Device > Setup > Management

Device > Setup > Operations

Enable SNMP Monitoring

Device > Setup > HSM

Hardware Security Module Provider Settings

HSM Authentication

Hardware Security Operations

Hardware Security Module Provider Configuration and Status

Hardware Security Module Status

Device > Setup > Services

Configure Services for Global and Virtual Systems

Global Services Settings

IPv4 and IPv6 Support for Service Route Configuration

Destination Service Route

Device > Setup > Interfaces

Device > Setup > Telemetry

Device > Setup > Content-ID

Device > Setup > WildFire

Device > Setup > Session

Session Settings

Session Timeouts

TCP Settings

Decryption Settings: Certificate Revocation Checking

Decryption Settings: Forward Proxy Server Certificate Settings

Decryption Settings: SSL Decryption Settings

VPN Session Settings

Device Setup Ace

Device > Setup > DLP

Device > High Availability

Important Considerations for Configuring HA

HA General Settings

HA Communications

HA Link and Path Monitoring

HA Active/Active Config

Cluster Config

Device > Log Forwarding Card

Device > Config Audit

Device > Password Profiles

Username and Password Requirements

Device > Administrators

Device > Admin Roles

Device > Access Domain

Device > Authentication Profile

Authentication Profile

SAML Metadata Export from an Authentication Profile

Device > Authentication Sequence

Device > Data Redistribution

Device > Data Redistribution > Agents

Device > Data Redistribution > Clients

Device > Data Redistribution > Collector Settings

Device > Data Redistribution > Include/Exclude Networks

Device > Device Quarantine

Device > VM Information Sources

Settings to Enable VM Information Sources for VMware ESXi and vCenter Servers

Settings to Enable VM Information Sources for AWS VPC

Settings to Enable VM Information Sources for Google Compute Engine

Device > Troubleshooting

Security Policy Match

QoS Policy Match

Authentication Policy Match

Decryption/SSL Policy Match

NAT Policy Match

Policy Based Forwarding Policy Match

DoS Policy Match

Routing

Test Wildfire

Threat Vault

Ping

Trace Route

Log Collector Connectivity

External Dynamic List

Update Server

Test Cloud Logging Service Status

Test Cloud GP Service Status

Device > Virtual Systems

Device > Shared Gateways

Device > Certificate Management

Device > Certificate Management > Certificates

Manage Firewall and Panorama Certificates

Other Supported Actions to Manage Certificates

Manage Default Trusted Certificate Authorities

Device > Certificate Management > Certificate Profile

Device > Certificate Management > OCSP Responder

Device > Certificate Management > SSL/TLS Service Profile

Device > Certificate Management > SCEP

Device > Certificate Management > SSL Decryption Exclusion

Device > Certificate Management > SSH Service Profile

Device > Response Pages

Device > Log Settings

Select Log Forwarding Destinations

Define Alarm Settings

Clear Logs

Device > Server Profiles

Device > Server Profiles > SNMP Trap

Device > Server Profiles > Syslog

Device > Server Profiles > Email

Device > Server Profiles > HTTP

Device > Server Profiles > NetFlow

Device > Server Profiles > RADIUS

Device > Server Profiles > TACACS+

Device > Server Profiles > LDAP

Device > Server Profiles > Kerberos

Device > Server Profiles > SAML Identity Provider

Device > Server Profiles > DNS

Device > Server Profiles > Multi Factor Authentication

Device > Local User Database > Users

Device > Local User Database > User Groups

Device > Scheduled Log Export

Device > Software

Device > Dynamic Updates

Device > Licenses

Device > Support

Device > Master Key and Diagnostics

Deploy Master Key

Device > Policy Recommendation > IoT

Device > Policy > Recommendation SaaS

User Identification

Device > User Identification > User Mapping

Palo Alto Networks User-ID Agent Setup

Server Monitor Account

Server Monitoring

Client Probing

Cache

Redistribution

Syslog Filters

Ignore User List

Monitor Servers

Configure Access to Monitored Servers

Manage Access to Monitored Servers

Include or Exclude Subnetworks for User Mapping

Device > User Identification > Connection Security

Device > User Identification > Terminal Server Agents

Device > User Identification > Group Mapping Settings Tab

Device > User Identification > Cloud Identity Engine

Device > User Identification > Authentication Portal

GlobalProtect

Network > GlobalProtect > Portals

GlobalProtect Portals General Tab

GlobalProtect Portals Authentication Configuration Tab

GlobalProtect Portals Portal Data Collection Tab

GlobalProtect Portals Agent Tab

GlobalProtect Portals Agent Authentication Tab

GlobalProtect Portals Agent Config Selection Criteria Tab

GlobalProtect Portals Agent Internal Tab

GlobalProtect Portals Agent External Tab

GlobalProtect Portals Agent App Tab

GlobalProtect Portals Agent HIP Data Collection Tab

GlobalProtect Portals Clientless VPN Tab

GlobalProtect Portal Satellite Tab

Network > GlobalProtect > Gateways

GlobalProtect Gateways General Tab

GlobalProtect Gateway Authentication Tab

GlobalProtect Gateways Agent Tab

Tunnel Settings Tab

Client Settings Tab

Client IP Pool Tab

Network Services Tab

Connection Settings Tab

Video Traffic Tab

HIP Notification Tab

GlobalProtect Gateway Satellite Tab

Network > GlobalProtect > MDM

Network > GlobalProtect > Clientless Apps

Network > GlobalProtect > Clientless App Groups

Objects > GlobalProtect > HIP Objects

HIP Objects General Tab

HIP Objects Mobile Device Tab

HIP Objects Patch Management Tab

HIP Objects Firewall Tab

HIP Objects Anti-Malware Tab

HIP Objects Disk Backup Tab

HIP Objects Disk Encryption Tab

HIP Objects Data Loss Prevention Tab

HIP Objects Certificate Tab

HIP Objects Custom Checks Tab

Objects > GlobalProtect > HIP Profiles

Device > GlobalProtect Client

Managing the GlobalProtect App Software

Setting Up the GlobalProtect App

Using the GlobalProtect App

Panorama Web Interface

Use the Panorama Web Interface

Context Switch

Panorama Commit Operations

Defining Policies on Panorama

Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode

Panorama > Setup > Interfaces

Panorama > High Availability

Panorama > Managed WildFire Clusters

Managed WildFire Cluster Tasks

Managed WildFire Appliance Tasks

Managed WildFire Information

Managed WildFire Cluster and Appliance Administration

Panorama > Administrators

Panorama > Admin Roles

Panorama > Access Domains

Panorama > Scheduled Config Push

Scheduled Config Push Scheduler

Scheduled Config Push Execution History

Panorama > Managed Devices > Summary

Managed Firewall Administration

Managed Firewall Information

Firewall Software and Content Updates

Firewall Backups

Panorama > Device Quarantine

Panorama > Managed Devices > Health

Detailed Device Health on Panorama

Panorama > Templates

Templates

Template Stacks

Panorama > Templates > Template Variables

Panorama > Device Groups

Panorama > Managed Collectors

Log Collector Information

Log Collector Configuration

General Log Collector Settings

Log Collector Authentication Settings

Log Collector Interface Settings

Log Collector RAID Disk Settings

User-ID Agent Settings

Connection Security

Communication Settings

Software Updates for Dedicated Log Collectors

Panorama > Collector Groups

Collector Group Configuration

Collector Group Information

Panorama > Plugins

Panorama > SD-WAN

SD-WAN Devices

SD-WAN VPN Clusters

SD-WAN Monitoring

SD-WAN Reports

Panorama > VMware NSX

Configure a Notify Group

Create Service Definitions

Configure Access to the NSX Manager

Create Steering Rules

Panorama > Log Ingestion Profile

Panorama > Log Settings

Panorama > Server Profiles > SCP

Panorama > Scheduled Config Export

Panorama > Software

Manage Panorama Software Updates

Display Panorama Software Update Information

Panorama > Device Deployment

Manage Software and Content Updates

Display Software and Content Update Information

Schedule Dynamic Content Updates

Revert Content Versions from Panorama

Manage Firewall Licenses

Panorama > Device Registration Auth Key

Web Interface Basics
Dashboard
- Dashboard Widgets
ACC
Monitor
Policies
Objects
- Move, Clone, Override, or Revert Objects