Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic logs, and the threat logs to observe trends on your network. Use this information to identify where you need to create more granular security policy rules.
In the ACC, review the most used applications and the high-risk applications on your network. The ACC graphically summarizes the log information to highlight the applications traversing the network, who is using them (with User-ID enabled), and the potential security impact of the content to help you identify what is happening on the network in real time. You can then use this information to create appropriate security policy rules that block unwanted applications, while allowing and enabling applications in a secure manner.
The Compromised Hosts widget in ACC > Threat Activity displays potentially compromised hosts on your network and the logs and match evidence that corroborate the events.
Determine what updates/modifications are required for your network security policy rules and implement the changes.
Evaluate whether to allow web content based on schedule, users, or groups.
Allow or control certain applications or functions within an application.
Decrypt and inspect content.
Allow but scan for threats and exploits.
For information on refining your security policies and for attaching custom security profiles, see Enable Basic Threat Prevention Features.
Specifically, view the traffic and threat logs (Monitor > Logs).
Traffic logs depend on how your security policies are defined and whether they are set up to log traffic. The Application Usage widget in the ACC, however, records applications and statistics regardless of policy configuration; it shows all traffic that is allowed on your network, so it includes both the inter-zone traffic that is allowed by policy and the same-zone traffic that is allowed implicitly.
Review the AutoFocus intelligence summary for artifacts in your logs. An artifact is an item, property, activity, or behavior associated with logged events on the firewall. The intelligence summary reveals the number of sessions and samples in which WildFire detected the artifact. Use WildFire verdict information (benign, grayware, malware) and AutoFocus matching tags to look for potential risks in your network.
AutoFocus tags created by Unit 42, the Palo Alto Networks threat intelligence team, call attention to advanced, targeted campaigns and threats in your network.
From the AutoFocus intelligence summary, you can start an AutoFocus search for artifacts and assess their pervasiveness within global, industry, and network contexts.
Review the URL filtering logs to scan through alerts and denied categories/URLs. URL logs are generated when traffic matches a security rule that has a URL filtering profile attached with an action of alert, continue, override, or block.
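As an added example (not part of the original documentation), the following script triages an exported URL filtering log the way the review above describes: it groups entries by the profile action (alert, continue, override, block), tallies the categories that were blocked, and lists which source hosts hit them. The sample log and the column names are constructed for this example; check the header of your own CSV export before relying on the field names.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed sample in the shape of a PAN-OS URL filtering log CSV export.
# Column names are an assumption for this example, not a verified export header.
SAMPLE_URL_LOG = """\
Receive Time,Source address,Destination address,Rule,Category,URL,Action
2024/05/01 09:12:01,10.1.20.15,203.0.113.10,allow-web,business-and-economy,example.com/,alert
2024/05/01 09:12:05,10.1.20.15,198.51.100.7,allow-web,malware,bad.example.net/payload,block
2024/05/01 09:13:40,10.1.20.33,198.51.100.7,allow-web,malware,bad.example.net/payload,block
2024/05/01 09:15:12,10.1.20.44,192.0.2.9,allow-web,gambling,casino.example.org/,continue
2024/05/01 09:16:00,10.1.20.15,192.0.2.55,allow-web,hacking,tools.example.org/,override
2024/05/01 09:18:22,10.1.20.60,203.0.113.10,allow-web,social-networking,social.example.com/,alert
"""

# How each URL filtering profile action should be read during review:
# alert = allowed and logged; continue/override = user had to click through
# or enter a password; block = denied outright.
ACTION_TIERS = {"alert": "logged", "continue": "user-interactive",
                "override": "user-interactive", "block": "denied"}


def parse_url_log(text):
    """Parse CSV export text into a list of row dicts keyed by column name."""
    return list(csv.DictReader(StringIO(text)))


def summarize_url_log(rows):
    """Summarize URL log rows by action, by denied category, and by host.

    Returns a dict with:
      by_action        - Counter of raw profile actions
      by_tier          - Counter of review tiers (logged / user-interactive / denied)
      denied_categories - Counter of categories that were blocked
      hosts_by_category - category -> set of source addresses that were blocked
    """
    by_action = Counter(r["Action"] for r in rows)
    by_tier = Counter(ACTION_TIERS.get(r["Action"], "unknown") for r in rows)
    denied = [r for r in rows if r["Action"] == "block"]
    denied_categories = Counter(r["Category"] for r in denied)
    hosts_by_category = defaultdict(set)
    for r in denied:
        hosts_by_category[r["Category"]].add(r["Source address"])
    return {"by_action": by_action, "by_tier": by_tier,
            "denied_categories": denied_categories,
            "hosts_by_category": dict(hosts_by_category)}


if __name__ == "__main__":
    summary = summarize_url_log(parse_url_log(SAMPLE_URL_LOG))
    for key, value in summary.items():
        print(f"{key}: {dict(value)}")
```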