1. Home
    2. PAN-OS
    3. PAN-OS® Administrator's Guide
    4. Monitoring
    5. View and Manage Reports
    6. Generate Botnet Reports

    Generate Botnet Reports

    The botnet report enables you to use heuristic and behavior-based mechanisms to identify potential malware- or botnet-infected hosts in your network. To evaluate botnet activity and infected hosts, the firewall correlates user and network activity data in Threat, URL, and Data Filtering logs with the list of malware URLs in PAN-DB, known dynamic DNS domain providers, and domains registered within the last 30 days. You can configure the report to identify hosts that visited those sites, as well as hosts that communicated with Internet Relay Chat (IRC) servers or that used unknown applications. Malware often use dynamic DNS to avoid IP blacklisting, while IRC servers often use bots for automated functions.
    The firewall requires Threat Prevention and URL Filtering licenses to use the botnet report. You can Use the Automated Correlation Engine to monitor suspicious activities based on additional indicators besides those that the botnet report uses. However, the botnet report is the only tool that uses newly registered domains as an indicator.

    Related Documentation

    Configuring the Botnet Report

    Botnet Configuration Settings Monitor > Botnet > Configuration To specify the types of traffic that indicate potential botnet activity, click Configuration on the right side ...

    Interpret Botnet Report Output

    Interpret Botnet Report Output The botnet report displays a line for each host that is associated with traffic you defined as suspicious when configuring the ...

    Configure a Botnet Report

    Configure a Botnet Report You can schedule a botnet report or run it on demand. The firewall generates scheduled botnet reports every 24 hours because ...

    Monitor

    Monitor The following topics describe the firewall reports and logs you can use to monitor activity on your network: Monitor > Logs Monitor > External ...

    Report Types

    Report Types The firewall includes predefined reports that you can use as-is, or you can build custom reports that meet your needs for specific data ...

    Managing Botnet Reports

    Botnet Report Settings Monitor > Botnet > Report Setting Before generating the botnet report, you must specify the types of traffic that indicate potential botnet ...

    Correlation Object

    Correlation Object A correlation object is a definition file that specifies patterns to match against, the data sources to use for the lookups, and time ...

    Provide Granular Access to the Monitor Tab

    Provide Granular Access to the Monitor Tab In some cases you might want to enable the administrator to view some but not all areas of ...

    Monitor > Botnet

    Monitor > Botnet The botnet report enables you to use behavior-based mechanisms to identify potential malware- and botnet-infected hosts in your network. The report assigns ...

    View and Manage Reports

    View and Manage Reports The reporting capabilities on the firewall allow you to keep a pulse on your network, validate your policies, and focus your ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo