Use this page to view logs ingested from the Traps™
Endpoint Security Manager (ESM) into Log Collectors that are managed
by Panorama™. To view Traps ESM logs on Panorama, do the following:

On the Traps ESM server, configure
Panorama as a Syslog server and select the logging events to forward
to Panorama. The events can include security events, policy changes,
agent and ESM Server status changes, and changes to configuration settings.

External logs are not associated with a device group and are
visible only when you select
the logs are not forwarded from firewalls.

These threat events include all prevention,
notification, provisional, and post-detection events that are reported
by the Traps agents.

ESM Server system events include changes
related to ESM status, licenses, ESM Tech Support files, and communication

Policy change events include changes to
rules, protection levels, content updates, hash control logs, and

Agent change events occur on the endpoint
and include changes to content updates, licenses, software, connection
status, one-time action rules, processes and services, and quarantined

ESM configuration change events include
system-wide changes to licensing, administrative users and roles,
processes, restriction settings, and conditions.

Panorama can correlate discrete security events on the endpoints
with events on the network to trace any suspicious or malicious
activity between the endpoints and the firewall. To view correlated events
that Panorama identifies, see Monitor > Automated Correlation Engine > Correlated Events.