Assess Network Traffic
Now that you have a basic security policy, you can review the statistics and data in the Application Command Center (ACC), traffic logs, and the threat logs to observe trends on your network. Use this information to identify where you need to create more granular security policy rules.
- Use the Application Command Center and the Automated Correlation Engine.
  In the ACC, review the most used applications and the high-risk applications on your network. The ACC graphically summarizes the log information to highlight the applications traversing the network, who is using them (with User-ID enabled), and the potential security impact of the content to help you identify what is happening on the network in real time. You can then use this information to create appropriate security policy rules that block unwanted applications, while allowing and enabling applications in a secure manner.
  The Compromised Hosts widget in ACC > Threat Activity displays potentially compromised hosts on your network and the logs and match evidence that corroborates the events.
- Determine what updates/modifications are required for your network security policy rules and implement the changes.
  For example:
  - Evaluate whether to allow web content based on schedule, users, or groups.
  - Allow or control certain applications or functions within an application.
  - Decrypt and inspect content.
  - Allow but scan for threats and exploits.
- Logs.
  Specifically, view the traffic and threat logs (Monitor > Logs).
  Traffic logs depend on how your security policies are defined and set up to log traffic. The Application Usage widget in the ACC, however, records applications and statistics regardless of policy configuration. It shows all traffic that is allowed on your network, so it includes the inter-zone traffic that is allowed by policy and the same-zone traffic that is allowed implicitly.
- Log Storage Quotas and Expiration Periods.
  Review the AutoFocus intelligence summary for artifacts in your logs. An artifact is an item, property, activity, or behavior associated with logged events on the firewall. The intelligence summary reveals the number of sessions and samples in which WildFire detected the artifact. Use WildFire verdict information (benign, grayware, malware) and AutoFocus matching tags to look for potential risks in your network.
  AutoFocus tags created by Unit 42, the Palo Alto Networks threat intelligence team, call attention to advanced, targeted campaigns and threats in your network.
  From the AutoFocus intelligence summary, you can start an AutoFocus search for artifacts and assess their pervasiveness within global, industry, and network contexts.
- Web Activity of Network Users.
  Review the URL filtering logs to scan through alerts and denied categories/URLs. URL logs are generated when traffic matches a security rule that has a URL filtering profile attached with an action of alert, continue, override, or block.
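As an added example (not part of the original documentation or any Palo Alto Networks tooling), the sketch below summarizes an exported traffic log per security rule to show which broad rules are candidates for more granular policy. The column names, rule names, watchlist, and sample rows are constructed assumptions and do not reflect the firewall's actual export schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample with simplified, hypothetical columns (not the real export schema).
# Rows exist only for rules that are set up to log traffic.
SAMPLE_CSV = """\
rule,from_zone,to_zone,application,action,bytes
allow-outbound,trust,untrust,web-browsing,allow,52000
allow-outbound,trust,untrust,ssl,allow,910000
allow-outbound,trust,untrust,bittorrent,allow,4800000
allow-outbound,trust,untrust,dropbox,allow,230000
allow-dns,trust,untrust,dns,allow,1200
intrazone-default,trust,trust,ms-ds-smb,allow,77000
allow-outbound,trust,untrust,ssl,allow,15000
deny-telnet,trust,untrust,telnet,deny,0
"""

# Assumption: applications this reviewer treats as unwanted or high risk.
WATCHLIST = {"bittorrent"}

def summarize_rules(csv_text, watchlist=WATCHLIST, max_apps=3):
    """Group allowed sessions by rule and list reasons a rule needs review."""
    stats = defaultdict(lambda: {"sessions": 0, "bytes": 0, "apps": defaultdict(int)})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["action"] != "allow":
            continue  # only allowed traffic shows what a rule lets through
        s = stats[row["rule"]]
        s["sessions"] += 1
        s["bytes"] += int(row["bytes"])
        s["apps"][row["application"]] += int(row["bytes"])
    report = []
    for rule, s in stats.items():
        apps = sorted(s["apps"], key=s["apps"].get, reverse=True)  # by volume
        reasons = []
        if len(apps) > max_apps:
            reasons.append(f"{len(apps)} distinct applications")
        hits = sorted(watchlist & set(apps))
        if hits:
            reasons.append("watchlist: " + ", ".join(hits))
        report.append({"rule": rule, "sessions": s["sessions"],
                       "bytes": s["bytes"], "apps": apps, "reasons": reasons})
    return sorted(report, key=lambda r: r["bytes"], reverse=True)

if __name__ == "__main__":
    for r in summarize_rules(SAMPLE_CSV):
        print(r["rule"], r["sessions"], r["bytes"], r["apps"], r["reasons"] or "ok")
```

A rule flagged here is a starting point for the changes listed above, such as controlling specific applications or adding threat scanning to what the rule allows.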