Threats Permitted
Table of Contents
Expand all | Collapse all
-
- Chassis Inventory
- Configuration Log Contents
- Content Update Counters
- CPU Load Sampling by Firewall Function
- CPU Utilization Statistics
- Crash and Trace Files
- Current Users per GlobalProtect Gateway
- Data-Management Plane Health Heartbeat
- Dataplane Link Utilization
- Device Connection Status
- Device Logging Health
- Device Time-Series Data
- DOS Block Table
- EDL Capacities
- Fan Speed Measurements
- Forwarding Information Base (FIB) Routing Health
- Front LED State
- Global Counters
- GlobalProtect Client Versions
- GlobalProtect Failure Connections
- GlobalProtect Gateway Connection Details
- GlobalProtect Gateway Connection Performance
- GlobalProtect Gateway Connection Protocols
- GlobalProtect Gateway Failure Details
- GlobalProtect Gateway Statistics
- GlobalProtect Gateway Tunnel Rates
- GlobalProtect Operating System Types
- GlobalProtect Portal Connection Failure
- GlobalProtect Portal Connection Success
- GlobalProtect Quarantined Devices
- GlobalProtect Successful Connections
- HA Health Errors
- Hardware Alarms
- Hardware and Software Pools
- Hardware Buffer Statistics
- Hardware Ports
- Hardware System Logs
- High Availability
- High Availability Backup Interfaces
- High Availability Interface 1
- High Availability Interface 2
- Ingress Backlogs
- IP Address to User Mapping Count
- Log Forwarding Data Transfer Speed
- Log Forwarding Generation Rate
- Log Receiver Statistics
- LogDB Quotas
- Logging Rate
- Logging Statistics
- Logging Status
- Managed Devices
- Management and Data Plane Logs
- Management to Data Plane Counters
- Maximum Concurrent GlobalProtect Gateway Tunnels
- Maximum Concurrent GlobalProtect Gateway Users
- Memory Pool Utilization Count
- NAT Pool Utilization
- netstat
- NSX Update Rate
- Octeon Chip Health
- Operational Command History
- Packet Buffer Protection
- Packet Scheduling Engine Performance
- PAN-DNS Cache Usage
- PAN-DNS End-to-End Response Time
- PAN-DNS Lookup Timeout
- PAN-OS Counters
- PAN-OS REST API Error Response
- PAN-OS REST API Performance Metrics
- PAN-OS XML API Error Response
- PAN-OS XML API Performance Metrics
- Panorama HA Health
- Panorama Log Reception Rate
- Panorama Logging Infra Health
- Power Supply Measurements
- QUMRAN Chip Health
- Registered IP Addresses
- Routing Resource
- Security Policy Usage and Hit Count
- Session Distribution
- Session Information
- Session Table Usage
- SMART Disk Information
- Software Buffer Statistics
- Software Log
- Software Update History
- SSL Decyrption Memory
- System Alarm History
- System Disk Utilization
- System Jobs
- System RAID
- System Resource Usage
- System State
- Temperature Measurements
- Traffic Blocked as Command and Control
- Traffic Blocked as Malware
- Traffic Blocked as Phishing
- URL Cache Statistics
- User-ID Agent State
- WildFire Statistics and Status
-
- ACC and Monitor Query History
- Anti-Spyware in Security Policies
- Antivirus in Security Policies
- Any App in Security Policies
- App-ID Adoption in Security Policies
- Application Blacklisting
- Application Override Policies
- Asymmetric Network Traffic
- Authentication Policy Usage
- Bidrectional Forwarding Detection Configuration
- Cisco ACI Plugin Configuration
- Credential Phishing in Security Policies
- Credential Phishing Protection Configuration
- Credential Phishing Protection Detection Method
- Custom Reports using Detailed Logs Databases
- Custom Vulnerability and Spyware Signatures
- DAG Security Policies
- Data Filtering in Security Policies
- Data Filtering Profiles
- Data Filtering Profiles by Data Pattern Type
- Decryption SSH Proxy Configuration
- Destination NAT Session Policies
- Device Geographic Location
- Device Group and Template Stack Usage
- Device Model Number
- Device Power On Hours
- DNS Proxy Adoption
- DNS Sinkhole Protection in Security Policies
- DoS Protection Adoption
- DoS Protection Threshold Frequency
- DSRI Enabled Security Policies
- Dynamic DNS Adoption
- ECMP Load Balancing
- EDL Configuration and Capacity
- File Blocking in Security Policies
- Firewall Resource Protection Adoption
- GlobalProtect Adoption
- GlobalProtect Clientless VPN Adoption
- GlobalProtect IPv6 Usage
- GlobalProtect Mobil App Adoption
- GlobalProtect on Linux Endpoints
- GlobalProtect Split Tunneling Adoption
- HA Heartbeat Backup
- HA Passive Link State
- HA1 and HA2 Backups
- High Risk URL Filtering Logs
- HIP Based Features
- HIP Based Policies
- IPSec Tunnel Monitoring
- Known User Security Policy Matching
- Large Scale VPN Configuration
- License Entitlements
- Link and Path Monitoring
- Log Collector Group Architecture
- Log Collector Redundancy Adoption
- Log Creation Policies
- Log Forwarding Adoption in Security Policies
- Log Forwarding Auto Tag
- Log Forwarding Profiles in Security Rules
- Log Forwarding Settings
- Log Quotas
- Log Retention Policy
- Logging Enablement in Security Policies
- Managed Devices Licenses
- Miscellaneous Object Usage Statistics
- Most Recent Threat Exceptions for all Threat Signatures
- NAT Configuration
- NetFlow Adoption
- NSX Automated Security Actions
- NSX Multi-Tenancy Configuration
- Number of Custom Reports
- PAN-OS REST API Usage
- PAN-OS XML API Usage
- Panorama Mode
- Panorama Plugins
- QoS Configuration
- Region Based Security Policies
- Route Table Size
- Routing Peers
- Rule Tagging
- Security Policies with File Blocking
- Service Ports and App IDs in Security Policies
- Severity Based Log Forwarding
- SNMP Version
- SSL Decrypt Configuration
- Support Licenses Installed
- Threat Exceptions by Threat ID
- Threat Prevention Policy
- Threatening SaaS Traffic
- Timezone and Timestamp
- Unused Predefined Reports
- URL Category Settings
- URL Filtering in Security Policies
- User Activity Report
- User-ID Adoption in Security Policies
- User-ID Mapping Sources
- User-ID to Include or Exclude User Mappings
- VM Monitoring
- VM Plugin Usage Statistics
- VMware NSX Plugin Configuration
- Vulnerability Protection in Security Policies
- WildFire Global Cloud Configuration
- WildFire in Security Policies
- WildFire Virus Threat Logs
- XML Configuration Size
- Zone Protection Adoption
-
- Attackers
- Attacking Countries
- Content and Threat Detection State
- Correlated Events
- Correlated Events Details
- Credential Theft
- Current Application ID Version
- Data Plane Statistics
- Decryption Usage
- DNS-Related Threat Logs
- Dynamic DNS
- File Identification
- Malware Sites
- Management Plane Statistics
- Non-Standard Port Usage
- PAN-DNS Threat Logs
- Parked Domains
- Phishing Sites
- Previous Application ID Version
- Proxy Avoidance and Anonymizers
- Questionable Sites
- Sanctioned Tag SaaS Usage
- System Information
- System Log
- Threat Inspection of Mobile Devices
- Threats Permitted
- Top Application Usage
- Top Threat IDs
- Uninspected Network Traffic
- Unknown Applications by Destination Address
- Unknown Applications by Destination Ports
- Unknown Sites
- Unknown TCP or UDP Traffic
Threats Permitted
Identifies threatening network traffic the firewall failed to block. Collects threat summary log records where the threat type was virus, vulnerability, wildfire-virus, or spyware; the threat severity was greater than or equal to medium; and the firewall's action was only to raise an alert.
Metric Details
|
Category
|
Threat Prevention
|
|
This metric can be used by applications. This metric can be used for threat research.
| |
|
Can identify a device.
| |
|
Once a week
| |
|
Introduced
|
Content version 8284
|
|
Telemetry Tier
|
Full
|
|
Equivalent CLI Command
|
pan_logquery -b -t thsum -q '(action eq alert) and (severity geq medium) and ( (threat-type eq virus) or (threat-type eq vulnerability) or (threat-type eq wildfire-virus) or (threat-type eq spyware) )' -n 5000 -e last-7-days
|