Monitor > External Logs
Use this page to view logs ingested from the Traps™ Endpoint Security Manager (ESM) into Log Collectors that are managed by Panorama™. To view Traps ESM logs on Panorama, do the following:
- On the Traps ESM server, configure Panorama as a Syslog server and select the logging events to forward to Panorama. The events can include security events, policy changes, agent and ESM Server status changes, and changes to configuration settings.
External logs are not associated with a device group and are visible only when you select Device Group: All because the logs are not forwarded from firewalls.
Monitor > External Logs > Traps ESM > Threat
These threat events include all prevention, notification, provisional, and post-detection events that are reported by the Traps agents.
Monitor > External Logs > Traps ESM > System
ESM Server system events include changes related to ESM status, licenses, ESM Tech Support files, and communication with WildFire.
Monitor > External Logs > Traps ESM > Policy
Policy change events include changes to rules, protection levels, content updates, hash control logs, and verdicts.
Monitor > External Logs > Traps ESM > Agent
Agent change events occur on the endpoint and include changes to content updates, licenses, software, connection status, one-time action rules, processes and services, and quarantined files.
Monitor > External Logs > Traps ESM > Config
ESM configuration change events include system-wide changes to licensing, administrative users and roles, processes, restriction settings, and conditions.
Panorama can correlate discrete security events on the endpoints with events on the network to trace any suspicious or malicious activity between the endpoints and the firewall. To view correlated events that Panorama identifies, see Monitor > Automated Correlation Engine > Correlated Events.