Traps Data Collection
When a security event occurs on an endpoint, Traps collects data about the event to help you understand the event context. In addition to collecting data related to a specific event, Traps can perform continuous monitoring of all Windows endpoint activity. If you enable Behavioral Threat Protection or Enhanced Data Collection for EDR, Traps can use this information to identify and block malicious causality chains (sequences of events). The following topics describe the data Traps can collect in more detail:
Data Collected for All Security Events
When a security event occurs on an endpoint, Traps collects the following data and sends it to the Traps management service.
| Field | Description |
|---|---|
| Absolute Timestamp | Kernel system time |
| Relative Timestamp | Uptime since the computer booted |
| Thread ID | ID of the originating thread |
| Process ID | ID of the originating process |
| Process Creation Time | Part of the process unique ID per boot session (PID + creation time) |
| Sequence ID | Unique integer per boot session |
| Primary User SID | Unique identifier of the user |
| Impersonating User SID | Unique identifier of the impersonating user, if applicable |
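The fields above only become useful to an analyst once they are combined: a PID is recycled by Windows, so PID plus creation time is the stable per-process key; the sequence ID orders events only within one boot session; and the impersonating SID, when present, is the identity the action actually ran under. The following is an added example that is not Traps product code or the Traps wire format: the record layout, field names, units (milliseconds) and sample values are assumptions constructed for illustration. It derives the boot session from the absolute and relative timestamps, builds the per-boot process key, and orders events across sessions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed record mirroring the fields in the table above. Field names and
# the assumption that both timestamps are milliseconds are this example's own,
# not Traps' actual schema.
@dataclass(frozen=True)
class TrapsEvent:
    absolute_timestamp: int          # kernel system time, assumed ms since Unix epoch
    relative_timestamp: int          # uptime since boot, assumed ms
    thread_id: int                   # originating thread
    process_id: int                  # originating process (recycled by the OS)
    process_creation_time: int       # assumed ms since Unix epoch
    sequence_id: int                 # unique integer per boot session
    primary_user_sid: str
    impersonating_user_sid: Optional[str] = None


def process_key(ev: TrapsEvent) -> Tuple[int, int]:
    """PID alone is ambiguous after reuse; PID + creation time is unique per boot."""
    return (ev.process_id, ev.process_creation_time)


def effective_user(ev: TrapsEvent) -> str:
    """SID the action was really performed under: the impersonating SID if present."""
    return ev.impersonating_user_sid or ev.primary_user_sid


def boot_session(ev: TrapsEvent, bucket_ms: int = 1000) -> int:
    """Approximate boot time = absolute - relative, bucketed so small jitter
    between records of the same boot still maps to one session id."""
    return (ev.absolute_timestamp - ev.relative_timestamp) // bucket_ms


def order_events(events: List[TrapsEvent]) -> List[TrapsEvent]:
    """Sequence IDs restart every boot, so order by (boot session, sequence id)
    rather than by sequence id alone."""
    return sorted(events, key=lambda e: (boot_session(e), e.sequence_id))


def distinct_processes(events: List[TrapsEvent]) -> int:
    """Count processes seen, treating a reused PID with a new creation time as new."""
    return len({(boot_session(e), process_key(e)) for e in events})


# Constructed sample: two events from one boot that share a PID (PID reuse),
# plus one event from a later boot whose sequence id has restarted.
SAMPLE_EVENTS = [
    TrapsEvent(1_700_000_009_000, 14_000, 5000, 4120, 1_700_000_002_000, 12,
               "S-1-5-21-1111-2222-3333-1001",
               impersonating_user_sid="S-1-5-21-1111-2222-3333-500"),
    TrapsEvent(1_700_100_000_000, 3_000, 700, 4120, 1_700_099_998_000, 3,
               "S-1-5-21-1111-2222-3333-1001"),
    TrapsEvent(1_700_000_000_000, 5_000, 4800, 4120, 1_699_999_998_000, 10,
               "S-1-5-21-1111-2222-3333-1001"),
]

if __name__ == "__main__":
    for ev in order_events(SAMPLE_EVENTS):
        print(boot_session(ev), ev.sequence_id, process_key(ev), effective_user(ev))
    print("distinct processes:", distinct_processes(SAMPLE_EVENTS))
```

Note that all three sample events carry PID 4120 yet represent three different processes; keying on the PID alone would merge them into one and collapse any causality chain built from them.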
Additional Data Collected
With Behavioral Threat Protection and EDR data collection, Traps continuously monitors endpoint activity to detect malicious event chains defined by Palo Alto Networks. The monitored activity can include any of the following events:
Traps sends statistics on connection close and periodically while connection is open