Share reports within your organization, and schedule reports so that they’re delivered to
your email inbox—and your colleagues’ inboxes—at regular intervals (daily, weekly, or
monthly).
Use the Advanced Threat Prevention report to examine the threats detected on your network and
identify opportunities to strengthen your security posture. The report shows the
following details:
- The delta between the threats that are allowed and blocked by your security
rules.
- The source IPs and users responsible for generating command and control (C2)
traffic. Advanced Threat Prevention uses cloud-based engines and inline cloud analysis to detect
and analyze traffic for unknown C2 and vulnerabilities. Using Threat Search and Log Viewer,
you can review the usage patterns of the source IP, analyze the threat sessions, and download
the packet capture and cloud report to get additional context. You can also leverage
Palo Alto Networks threat analytics data to improve your incident response
processes.
- IPs targeted by vulnerability exploits. Advanced Threat Prevention uses cloud-based
engines and inline cloud analysis to detect and analyze this traffic. Using Threat Search,
you can review the usage patterns of the destination IP. Additionally, view logs to get
context around the threat.
- The threat sessions that matched the security policy rule, so that you can see whether
you need to modify the policy rule to strengthen your security posture. You can further
analyze the threats and matching rules in Activity Insights.