Palo Alto Firewall: Reports using Graphical User Interface
This section covers Palo Alto Firewall reporting, including Palo Alto Panorama, through the ACC tab and PDF Reports in the Monitor tab. The objective is to get a consolidated ACC (Application Command Center) graphical report.
For management presentations, we can get graphical reports of all pre-populated widgets separately. To achieve this, use the ‘Export’ option on the ACC tab; it gives a representation of all available widgets, marked in red.
Now, for example, suppose we want a consolidated report of a whole widget group, i.e. we would like to run comprehensive graphs periodically (daily, monthly, quarterly or yearly). From these reports, we would like to be informed about the top attackers, top victims, top vulnerabilities, WildFire submissions, viruses and C&C.
Configure a report group and schedule it for email delivery under Monitor > PDF Reports > Email Scheduler to get customized reports. Within the report group, we can customize further, add any other templates that are required, and schedule them for email delivery.
Similarly, we may want to create a new widget group and add all the specifically required widgets to it. We can do this through the ACC tab, then add global filters to it, then select the ‘Export’ option.
Furthermore, other specifically required widgets can be added with the “+” tab within the ACC tab.
We can view a custom range for all widgets or for selected widgets by selecting the Custom option in the ACC tab.
With the steps above, we have obtained what we expected. Now, if we want individual usage of resources, just load a template or make your own under ‘Monitor > Manage Custom Reports’ and click ‘Run Now’.
To report on a particular user's activity on Palo Alto Networks, configure a report under Monitor > PDF Reports > User Activity Report.
Similarly, SaaS application usage can also be monitored by configuring a report under SaaS Application Usage.
In addition to all of this, the Palo Alto Firewall's powerful reporting features include specific counter-based features as well.
So far, we have created a custom widget in ACC; the report group includes both individual reports and reports scheduled for email delivery.
Now with AutoFocus: besides the graphical views mentioned above, another of the best graphical overviews is the AutoFocus threat intelligence view, available after enabling AutoFocus threat intelligence. Remember that this needs an active AutoFocus subscription to view. It helps us find the risk associated with the most commonly known objects, such as:
• IP Address
• User agent
• Threat name (virus and wildfire-virus)
• SHA-256 hash (WildFire Submissions logs).
We can view Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, and Unified logs through the option Monitor > Logs.
AutoFocus checks the following tags:
• Private Tags—Only visible when we have a valid support contract with a Palo Alto support account.
• Public Tags—Available for all AutoFocus users.
• Unit 42 Tags—Unit 42 is the Palo Alto Networks threat intelligence cell, which identifies threats that could be a direct security risk. These tags are created by
• Informational Tags—Based on Unit 42 findings that are identified as commodity threats.
In addition, we can get more specific detail on any threat by using the command:
>show threat id 3002599