When you enable telemetry, you define what data the firewall collects and shares with Palo Alto Networks. For some telemetry settings, you can preview what the data that your firewall sends will look like before committing. The firewall uses the Palo Alto Networks Services service route to send the data you share from telemetry to Palo Alto Networks.
- Select DeviceSetupTelemetry, and edit the Telemetry settings.
- Select the telemetry data you want to share with Palo
Alto Networks. For more specific descriptions of this data, see What
Telemetry Data Does the Firewall Collect? By default, all
telemetry settings are disabled.To enable Threat Prevention Packet Captures, you must also enable Threat Prevention Data.
- Open a report sample (
) to view the type of data that
the firewall collects for Application Reports, Threat Prevention
Reports, URL Reports, and File Type Identification Reports.The report sample, formatted in XML, is based on your firewall activity in the first 4 hours since you first viewed the report sample. A report sample does not display any entries if the firewall did not find any matching traffic for the report. The firewall only collects new information for a report sample when you restart the firewall and open a report sample.The figure below shows a report sample for Threat Prevention Reports:Application Reports, Threat Prevention Reports, URL Reports, and File Type Identification Reports each consist of multiple reports. In the report sample, Type describes the name of a report. Aggregate lists the log fields that the firewall collects for the report (refer to Syslog Field Descriptions to determine the name of the fields as they appear in the firewall logs). Values indicates the units of measure used in the report (for example, the value count for the Attackers (threat) report refers to the number of times the firewall detected a threat associated with a particular threat ID).
- View the type of data that the firewall collects for
Product Usage Statistics.Enter the following operational CLI command: show system info
- Click OK and Commit your changes.
- If you enabled Threat Prevention Data and Threat Prevention
Packet Captures, view the data that the firewall collected.
There is currently no way to view the DNS information that the firewall collects through passive DNS monitoring.
- Edit the Telemetry settings.
- Click Download Threat Prevention Data ( ) to download a tarball file (.tar.gz) with the most recent 100 folders of data that the firewall collected for Threat Prevention Data and Threat Prevention Packet Captures. If you never enabled these settings or if you enabled them but no threat events have matched the conditions for these settings, the firewall does not generate a file and instead returns an error message.
Device > Setup > Telemetry
Device > Setup > Telemetry Telemetry is the process of collecting and transmitting data for analysis. When you enable telemetry on the firewall, the firewall ...
Telemetry and Threat Intelligence Sharing
Telemetry and Threat Intelligence Sharing You can now participate in telemetry , a community-driven approach to threat prevention. Telemetry allows the firewall to periodically collect ...
Share Threat Intelligence with Palo Alto Networks
Share Threat Intelligence with Palo Alto Networks Telemetry is the process of collecting and transmitting data for analysis. When you enable telemetry on the firewall, ...
What Telemetry Data Does the Firewall Collect?
What Telemetry Data Does the Firewall Collect? The firewall collects and forwards different sets of telemetry data to Palo Alto Networks based on the Telemetry ...
Content Inspection Features
Content Inspection Features New Content Inspection Features Description Credential Phishing Prevention Phishing sites are sites that attackers disguise as legitimate websites with the aim to ...
Content Inspection Features
Content Inspection Features Credential Phishing Prevention Telemetry and Threat Intelligence Sharing Palo Alto Networks Malicious IP Address Feeds Enhanced Coverage for Command and Control (C2) ...
Best Practices for Completing the Firewall Deployment
Best Practices for Completing the Firewall Deployment Now that you have integrated the firewall into your network and enabled the basic security features, you can ...
Palo Alto Networks Malicious IP Address Feeds
Palo Alto Networks Malicious IP Address Feeds With an active Threat Prevention license, Palo Alto Networks provides two feeds with malicious IP addresses that you ...
Upgrade/Downgrade Considerations The following table lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before you upgrade ...