Application Reports

The number and size of known applications by destination port, unknown applications by destination port, and unknown applications by destination IP address. The firewall generates these reports from Traffic logs and forwards them every 4 hours.

Threat Prevention Reports

Attacker information, the number of threats for each source country and destination port, and the correlation objects that threat events triggered.The firewall generates these reports from Threat logs and forwards them every 4 hours.

URL Reports

URLs with the following PAN-DB URL categories: malware, phishing, dynamic DNS, proxy-avoidance, questionable, parked, and unknown (URLs that PAN-DB has not yet categorized). The firewall generates these reports from URL Filtering logs.

URL Reports also include PAN-DB statistics such as the version of the URL filtering database on the firewall and on the PAN-DB cloud, the number of URLs in those databases, and the number of URLs that the firewall categorized. These statistics are based on the time that the firewall forwarded the URL Reports.

The firewall forwards URL Reports every 4 hours.

File Type Identification Reports

Information about files that the firewall has blocked or allowed based on data filtering and file blocking settings. The firewall generates these reports from Data Filtering logs and forwards them every 4 hours.

Threat Prevention Data

Log data from threat events that triggered signatures that Palo Alto Networks is evaluating for efficacy. Threat Prevention Data provides Palo Alto Networks more visibility into your network traffic than other telemetry settings. When enabled, the firewall may collect information such as source or victim IP addresses.

Enabling Threat Prevention Data also allows unreleased signatures that Palo Alto Networks is currently testing to run in the background. These signatures do not affect your security policy rules and firewall logs, and have no impact to your firewall performance.

The firewall forwards Threat Prevention Data every 5 minutes.

Threat Prevention Packet Captures

Packet captures (if you have enabled your firewall to Take a Threat Packet Capture) of threat events that triggered signatures that Palo Alto Networks is evaluating for efficacy. Threat Prevention Packet Captures provide Palo Alto Networks more visibility into your network traffic than other telemetry settings. When enabled, the firewall may collect information such as source or victim IP addresses.

The firewall forwards Threat Prevention Packet Captures every 5 minutes.

Product Usage Statistics

Back traces of firewall processes that have failed, as well as information about the firewall status. Back traces outline the execution history of the failed processes. These reports include details about the firewall model and the PAN-OS and content release versions installed on your firewall.

The firewall forwards Product Usage Statistics every 5 minutes.