Botnet Configuration Settings
- Monitor > Botnet > Configuration
To specify the types of traffic that indicate potential botnet activity, click Configuration on the right side of the Botnet page and complete the following fields. After configuring the report, you can run it on demand or schedule it to run daily (see Monitor > PDF Reports > Manage PDF Summary).
The default Botnet report configuration is optimal. If you believe the default values identify false positives, create a support ticket so Palo Alto Networks can reevaluate the values.
Enable and define the Count for each type of HTTP Traffic that the report will include. The Count values you enter are the minimum number of events of each traffic type that must occur for the report to list the associated host with a higher confidence score (higher likelihood of botnet infection). If the number of events is less than the Count, the report will display the lower confidence score or (for certain traffic types) won’t display an entry for the host.
Define the thresholds that determine whether the report will include traffic associated with suspicious Unknown TCP or Unknown UDP applications.
Select this option to include traffic involving IRC servers.
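The Count semantics described above can be modelled offline to see how a threshold change would move hosts between confidence levels. This is an added example, not Palo Alto Networks code or the firewall's scoring algorithm; the traffic-type names, Count values, the `omit_below` flag and the sample events are all constructed assumptions.

```python
from collections import Counter

# Hypothetical traffic types and Count values (constructed; not firewall defaults).
# "omit_below" models the statement that certain traffic types produce no entry
# when the event count is below the Count; which types do so is assumed here.
CONFIG = {
    "http_type_a": {"enabled": True, "count": 3, "omit_below": False},
    "http_type_b": {"enabled": True, "count": 2, "omit_below": True},
    "http_type_c": {"enabled": False, "count": 1, "omit_below": False},
}

# Constructed sample events for one report period: (source host, traffic type).
EVENTS = (
    [("10.0.0.5", "http_type_a")] * 3
    + [("10.0.0.5", "http_type_b")]
    + [("10.0.0.6", "http_type_a")]
    + [("10.0.0.7", "http_type_b")]
    + [("10.0.0.8", "http_type_b")] * 2
    + [("10.0.0.9", "http_type_c")] * 5
)


def classify(events, config):
    """Return {host: {traffic_type: "higher" | "lower"}} for one report period."""
    # Only enabled traffic types are counted at all.
    counts = Counter(
        (host, ttype) for host, ttype in events
        if config.get(ttype, {}).get("enabled")
    )
    report = {}
    for (host, ttype), seen in sorted(counts.items()):
        rule = config[ttype]
        if seen >= rule["count"]:
            level = "higher"   # minimum number of events reached
        elif rule["omit_below"]:
            continue           # below Count: no entry for this traffic type
        else:
            level = "lower"    # below Count: listed with lower confidence
        report.setdefault(host, {})[ttype] = level
    return report


def hosts_at_higher_confidence(events, config):
    """Hosts with at least one traffic type at or above its Count."""
    return sorted(
        host for host, types in classify(events, config).items()
        if "higher" in types.values()
    )
```

Running `classify` twice over the same events with two candidate configurations shows which hosts a Count change would promote, demote or drop from the listing.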