Palo Alto Firewall Graphical User Interface Customized Reports

The section is about Graphical report through ACC tab and PDF Reports in Monitor tab. The objective is to get consolidated ACC (Application Command Center) graphical view report for management presentation perspective.

So, if we want graphical reports of all pre populated widgets separately, Use the ‘export’ option on ACC tab, it will give representation of all available widgets, marked in red.

Now, for example, if we want a consolidated of all widget group itself, i.e. we like to run a monthly comprehensive graphs (daily, monthly, quarterly or yearly ) for management in which we would like to show that what were the top attacker, top victim, top vulnerability, wild fire submissions, virus and C7C .
To achieve this, Configure a report group and scheduled for email delivery, under Monitor-PDF Reports- Email scheduler to get customized reports; further within the group of reports, we can further customized it and add all other templates that requires and schedules for an email receive.

If we want to create a new widget group and add all specifically required widgets in the group, we can get it through ACC tab and then add global filters into it, then select ‘export’ option.

Further, other specific required widgets can be added by “+” tab within ACC tab.

We can view custom range for all widgets or selected widgets by selecting Custom option in ACC tab.

From above, we have obtained what we expected. Now if we want individual usage of resources, just load template or make yours under ‘Monitor-manage custom reports’ and click on ‘run now’.

Or if we want to run particular users activities on paloalto networks, we can achieve this by configuring in Monitor-PDF Reports-user activity report

Similarly, SAAS application usage can also be monitored by configuring report in SAAS application usage

In addition to all, Palo Alto powerful reporting features include specific counter based features as well:

We have created a custom widget in ACC; report-group includes both individual and scheduled reports for email delivery.

AutoFocus; Besides the above mention graphical view scenarios, one of the another best graphical overview is of Autofocus threat intelligence view after enabling AutoFocus threat intelligence. Be remember, this needs active AutoFocus subscription to view. It helps us to find risk of using most known objects such as:
• IP Address
• Domain
• User agent
• Threat name (virus and wildfire-virus)
• Filename
• SHA-256 hash (WildFire Submissions logs)

Monitor > Logs is the option where we can View Traffic, Threat, URL Filtering, Wildfire Submissions, Data Filtering, and Unified logs

AutoFocus checks the following tags:

• Private Tags—This is only visible when we have valid support contract with PaloAlto support account .
• Public Tags—Available for all AutoFocus users.
• Unit 42 Tags— Unit 42 is the Palo Alto Networks threat intelligence cell to Identify threats which could be a direct security risk. These tags are created by
• Informational Tags—based on Unit 42 findings that identified as commodity threats.

In addition, we can use command for more specific detail of any threat by using command

>show threat id 3002599


Leave a Reply

Your email address will not be published. Required fields are marked *

Latest Posts By ahson


Network Security


, , , , , , , , ,