Credential Theft
Table of Contents
Expand all | Collapse all
-
- Chassis Inventory
- Configuration Log Contents
- Content Update Counters
- CPU Load Sampling by Firewall Function
- CPU Utilization Statistics
- Crash and Trace Files
- Current Users per GlobalProtect Gateway
- Data-Management Plane Health Heartbeat
- Dataplane Link Utilization
- Device Connection Status
- Device Logging Health
- Device Time-Series Data
- DOS Block Table
- EDL Capacities
- Fan Speed Measurements
- Forwarding Information Base (FIB) Routing Health
- Front LED State
- Global Counters
- GlobalProtect Client Versions
- GlobalProtect Failure Connections
- GlobalProtect Gateway Connection Details
- GlobalProtect Gateway Connection Performance
- GlobalProtect Gateway Connection Protocols
- GlobalProtect Gateway Failure Details
- GlobalProtect Gateway Statistics
- GlobalProtect Gateway Tunnel Rates
- GlobalProtect Operating System Types
- GlobalProtect Portal Connection Failure
- GlobalProtect Portal Connection Success
- GlobalProtect Quarantined Devices
- GlobalProtect Successful Connections
- HA Health Errors
- Hardware Alarms
- Hardware and Software Pools
- Hardware Buffer Statistics
- Hardware Ports
- Hardware System Logs
- High Availability
- High Availability Backup Interfaces
- High Availability Interface 1
- High Availability Interface 2
- Ingress Backlogs
- IP Address to User Mapping Count
- Log Forwarding Data Transfer Speed
- Log Forwarding Generation Rate
- Log Receiver Statistics
- LogDB Quotas
- Logging Rate
- Logging Statistics
- Logging Status
- Managed Devices
- Management and Data Plane Logs
- Management to Data Plane Counters
- Maximum Concurrent GlobalProtect Gateway Tunnels
- Maximum Concurrent GlobalProtect Gateway Users
- Memory Pool Utilization Count
- NAT Pool Utilization
- netstat
- NSX Update Rate
- Octeon Chip Health
- Operational Command History
- Packet Buffer Protection
- Packet Scheduling Engine Performance
- PAN-DNS Cache Usage
- PAN-DNS End-to-End Response Time
- PAN-DNS Lookup Timeout
- PAN-OS Counters
- PAN-OS REST API Error Response
- PAN-OS REST API Performance Metrics
- PAN-OS XML API Error Response
- PAN-OS XML API Performance Metrics
- Panorama HA Health
- Panorama Log Reception Rate
- Panorama Logging Infra Health
- Power Supply Measurements
- QUMRAN Chip Health
- Registered IP Addresses
- Routing Resource
- Security Policy Usage and Hit Count
- Session Distribution
- Session Information
- Session Table Usage
- SMART Disk Information
- Software Buffer Statistics
- Software Log
- Software Update History
- SSL Decyrption Memory
- System Alarm History
- System Disk Utilization
- System Jobs
- System RAID
- System Resource Usage
- System State
- Temperature Measurements
- Traffic Blocked as Command and Control
- Traffic Blocked as Malware
- Traffic Blocked as Phishing
- URL Cache Statistics
- User-ID Agent State
- WildFire Statistics and Status
-
- ACC and Monitor Query History
- Anti-Spyware in Security Policies
- Antivirus in Security Policies
- Any App in Security Policies
- App-ID Adoption in Security Policies
- Application Blacklisting
- Application Override Policies
- Asymmetric Network Traffic
- Authentication Policy Usage
- Bidrectional Forwarding Detection Configuration
- Cisco ACI Plugin Configuration
- Credential Phishing in Security Policies
- Credential Phishing Protection Configuration
- Credential Phishing Protection Detection Method
- Custom Reports using Detailed Logs Databases
- Custom Vulnerability and Spyware Signatures
- DAG Security Policies
- Data Filtering in Security Policies
- Data Filtering Profiles
- Data Filtering Profiles by Data Pattern Type
- Decryption SSH Proxy Configuration
- Destination NAT Session Policies
- Device Geographic Location
- Device Group and Template Stack Usage
- Device Model Number
- Device Power On Hours
- DNS Proxy Adoption
- DNS Sinkhole Protection in Security Policies
- DoS Protection Adoption
- DoS Protection Threshold Frequency
- DSRI Enabled Security Policies
- Dynamic DNS Adoption
- ECMP Load Balancing
- EDL Configuration and Capacity
- File Blocking in Security Policies
- Firewall Resource Protection Adoption
- GlobalProtect Adoption
- GlobalProtect Clientless VPN Adoption
- GlobalProtect IPv6 Usage
- GlobalProtect Mobil App Adoption
- GlobalProtect on Linux Endpoints
- GlobalProtect Split Tunneling Adoption
- HA Heartbeat Backup
- HA Passive Link State
- HA1 and HA2 Backups
- High Risk URL Filtering Logs
- HIP Based Features
- HIP Based Policies
- IPSec Tunnel Monitoring
- Known User Security Policy Matching
- Large Scale VPN Configuration
- License Entitlements
- Link and Path Monitoring
- Log Collector Group Architecture
- Log Collector Redundancy Adoption
- Log Creation Policies
- Log Forwarding Adoption in Security Policies
- Log Forwarding Auto Tag
- Log Forwarding Profiles in Security Rules
- Log Forwarding Settings
- Log Quotas
- Log Retention Policy
- Logging Enablement in Security Policies
- Managed Devices Licenses
- Miscellaneous Object Usage Statistics
- Most Recent Threat Exceptions for all Threat Signatures
- NAT Configuration
- NetFlow Adoption
- NSX Automated Security Actions
- NSX Multi-Tenancy Configuration
- Number of Custom Reports
- PAN-OS REST API Usage
- PAN-OS XML API Usage
- Panorama Mode
- Panorama Plugins
- QoS Configuration
- Region Based Security Policies
- Route Table Size
- Routing Peers
- Rule Tagging
- Security Policies with File Blocking
- Service Ports and App IDs in Security Policies
- Severity Based Log Forwarding
- SNMP Version
- SSL Decrypt Configuration
- Support Licenses Installed
- Threat Exceptions by Threat ID
- Threat Prevention Policy
- Threatening SaaS Traffic
- Timezone and Timestamp
- Unused Predefined Reports
- URL Category Settings
- URL Filtering in Security Policies
- User Activity Report
- User-ID Adoption in Security Policies
- User-ID Mapping Sources
- User-ID to Include or Exclude User Mappings
- VM Monitoring
- VM Plugin Usage Statistics
- VMware NSX Plugin Configuration
- Vulnerability Protection in Security Policies
- WildFire Global Cloud Configuration
- WildFire in Security Policies
- WildFire Virus Threat Logs
- XML Configuration Size
- Zone Protection Adoption
-
- Attackers
- Attacking Countries
- Content and Threat Detection State
- Correlated Events
- Correlated Events Details
- Credential Theft
- Current Application ID Version
- Data Plane Statistics
- Decryption Usage
- DNS-Related Threat Logs
- Dynamic DNS
- File Identification
- Malware Sites
- Management Plane Statistics
- Non-Standard Port Usage
- PAN-DNS Threat Logs
- Parked Domains
- Phishing Sites
- Previous Application ID Version
- Proxy Avoidance and Anonymizers
- Questionable Sites
- Sanctioned Tag SaaS Usage
- System Information
- System Log
- Threat Inspection of Mobile Devices
- Threats Permitted
- Top Application Usage
- Top Threat IDs
- Uninspected Network Traffic
- Unknown Applications by Destination Address
- Unknown Applications by Destination Ports
- Unknown Sites
- Unknown TCP or UDP Traffic
Credential Theft
Collects information on the firewall's credential theft policy usage. Examines URL logs for traffic where credentials are presented, and collects information about the username, destination zone, the action the firewall took in response to the traffic, the application in use, and the URL used for the traffic. Also identifies the security and profiles used by the firewall to determine the action that it took for this traffic.