Now that you have a basic security policy,
you can review the statistics and data in the Application Command
Center (ACC), traffic logs, and the threat logs to observe trends on
your network. Use this information to identify where you need to
create more granular security policy rules.
In the ACC, review the most used applications and the high-risk
applications on your network. The ACC graphically summarizes the
log information to highlight the applications traversing the network,
who is using them (with User-ID enabled),
and the potential security impact of the content to help you identify
what is happening on the network in real time. You can then use
this information to create appropriate security policy rules that
block unwanted applications, while allowing and enabling applications
in a secure manner.
The Compromised Hosts widget in
potentially compromised hosts on your network and the logs and match
evidence that corroborates the events.
Determine what updates/modifications are required for
your network security policy rules and implement the changes.
Evaluate whether to allow web content
based on schedule, users, or groups.
Allow or control certain applications or functions within an
logs are dependent on how your security policies are defined and
set up to log traffic. The Application Usage widget in the
however, records applications and statistics regardless of policy
configuration; it shows all traffic that is allowed on your network,
therefore it includes the inter-zone traffic that is allowed by
policy and the same zone traffic that is allowed implicitly.
Review the AutoFocus intelligence summary for artifacts
in your logs. An
is an item, property, activity,
or behavior associated with logged events on the firewall. The intelligence
summary reveals the number of sessions and samples in which WildFire
detected the artifact. Use WildFire verdict information (benign,
grayware, malware) and AutoFocus matching tags to look for potential
risks in your network.
AutoFocus tags created
by Unit 42, the Palo Alto Networks
threat intelligence team, call attention to advanced, targeted campaigns
and threats in your network.
From the AutoFocus intelligence
summary, you can start an AutoFocus search for artifacts and assess
their pervasiveness within global, industry, and network contexts.
Review the URL filtering logs to scan through alerts, denied
categories/URLs. URL logs are generated when a traffic matches a
security rule that has a URL filtering profile attached with an
action of alert, continue, override or block.