Monitor Activity and Create Custom Reports Based on Threat Categories
Threat categories classify different types of threat signatures to help you understand and draw connections between events threat signatures detect. Threat categories are subsets of the more broad threat signature types: spyware, vulnerability, antivirus, and DNS signatures. Threat log entries display the Threat Category for each recorded event.
- Filter Threat logs by threat category.
- Select MonitorLogsThreat.
- Add the Threat Category column so you can view the Threat Category for each log entry:
- To filter based on Threat Category:
- Use the log query builder to add a filter with the Attribute Threat Category and in the Value field, enter a Threat Category.
- Select the Threat Category of any log entry to add that category to the filter:
- Filter ACC activity by threat category.
- Select ACC and add Threat Category as a global filter:
- Select the Threat Category to filter all ACC tabs.
- Create custom reports based on threat categories to receive
information about specific types of threats that the firewall has
- Select MonitorManage Custom reports to add a new custom report or modify an existingone.
- Choose the Database to use as the source for the custom report—in this case, select Threat from either of the two types of database sources, summary databases and Detailed logs. Summary database data is condensed to allow a faster response time when generating reports. Detailed logs take longer to generate but provide an itemized and complete set of data for each log entry.
- In the Query Builder, add a report filter with the Attribute Threat Category and in the Value field, select a threat category on which to base your report.
- To test the new report settings, click Run Now.
- Click OK to save the report.
New Threat Categories and How to Use Them
New Threat Categories and How to Use Them This feature also introduces new threat categories to classify different types of threats. You can use threat ...
Monitor Web Activity of Network Users
Monitor Web Activity of Network Users You can use the ACC, URL filtering reports, and logs that are generated on the firewall to track user ...
Globally Unique Threat IDs
Globally Unique Threat IDs All Palo Alto Networks threat signatures now have permanent, globally unique IDs that you can use to look up threat signature ...
Learn More About and Assess Threats
Learn More About and Assess Threats Features of Threat Vault and AutoFocus are integrated into the firewall to provide visibility into the nature of the ...
Learn More About Threat Signatures
Learn More About Threat Signatures Firewall Threat logs record all threats the firewall detects based on threat signatures ( Set Up Antivirus, Anti-Spyware, and Vulnerability ...
Configure Custom URL Filtering Reports
Configure Custom URL Filtering Reports To generate a detailed report that you can schedule to run regularly, configure a custom URL Filtering report. You can ...
Threat Details Monitor > Logs > Threat ACC > Threat Activity Objects > Security Profiles > Anti-Spyware/Vulnerability Protection Use the Threat Details dialog to learn ...
URL Filtering Categories
URL Filtering Categories Objects > Security Profiles > URL Filtering > Categories The following table describes URL filtering category settings. Categories Settings Description Category In ...
Device > Setup > Telemetry
Device > Setup > Telemetry Telemetry is the process of collecting and transmitting data for analysis. When you enable telemetry on the firewall, the firewall ...