Botnet Configuration Settings
- Monitor > Botnet > Configuration
To specify the types of traffic that indicate potential botnet activity, click Configuration on the right side of the Botnet page and complete the following fields. After configuring the report, you can run it on demand or schedule it to run daily (see Monitor > PDF Reports > Manage PDF Summary).

The default Botnet report configuration is optimal. If you believe the default values identify false positives, create a support ticket so Palo Alto Networks can reevaluate the values.

Botnet Configuration Settings | Description |
---|---|
HTTP Traffic | Enable and define the Count for each type of HTTP Traffic that the report will include. The Count values you enter are the minimum number of events of each traffic type that must occur for the report to list the associated host with a higher confidence score (higher likelihood of botnet infection). If the number of events is less than the Count, the report will display the lower confidence score or (for certain traffic types) won’t display an entry for the host. |
Unknown Applications | Define the thresholds that determine whether the report will include traffic associated with suspicious Unknown TCP or Unknown UDP applications. |
IRC | Select this option to include traffic involving IRC servers. |