There are several ways that you could be alerted to
an incident, depending on how you’ve configured the Palo Alto Networks
firewalls and which third-party tools are available for further
analysis. You might receive an email notification that was triggered
by a log entry recorded to Panorama or to your syslog server,
you might be informed through a specialized report generated on
your SIEM solution, or a third-party paid service or agency might
notify you.

For this example, let’s say that you receive an email notification
from Panorama. The email informs you of an event that was triggered
by an alert for a Zero Access gent.Gen Command And Control Traffic
that matched against a spyware signature. Also listed in the email
are the IP address of the source and destination for the session,
a threat ID, and the timestamp of when the event was logged.