To detect misuse and prevent exploitation of administrator accounts on Palo Alto Networks firewalls or Panorama, the web interface and the command line interface (CLI) now display your last login time and any failed login attempts for your username when you log in. This information allows you to easily identify whether someone is using your administrative credentials to launch an attack.
The Last Login Time information is located to the right of
at the bottom left of the web interface. If one or more failed login attempts occurred using your account since the last successful login, a caution symbol appears to the right of Last Login Time. Hover over the caution symbol to view the number of failed login attempts or click the symbol to view details about the events.
PAN-OS Administrator’s Guide
provides more details on how to
Use the Administrator Login Activity Indicators to Detect Account Misuse.