PaloAlto Training Print 120-129
-
Working With Data
PaloAlto Training print.indd 120 3/8/10 2:41 PM
-
Agenda
Logs
- Traffic Logs
- Threat Logs
- URL Logs
- Data Filtering Logs
- Config and System Logs
Reports
- Custom Reports
- Scheduled Email Reports
Panorama Reports
2009 Palo Alto Networks. Proprietary and Confidential 3.0-a
-
Traffic Logs
Anything logged from a Policy is viewed in the Traffic Logs
By default, logs are generated at the end of a session
Threat Logs
Anything logged from an AV, Spyware or Vulnerability Profile is viewed in the Threat Logs
-
URL Filtering Log
Any actions triggered by a URL filtering Profile are recorded in the URL Filtering Log
Data Filtering Log
Any events triggered by File Blocking or Data Filtering Profiles are recorded in the Data Filtering Log
-
Log Details
Details provide more information about the traffic in the log
Useful data in this view includes:
- Did the traffic undergo NAT?
- Was the traffic SSL decrypted?
- Ingress and egress interfaces
- Was this a captive portal session?
All Logs have details
Filters
Can be dynamically built from log data
Can be built using the filter editor
Can be saved for later use
-
Configuration and System Logs
Configuration logs track who changed what on the device
System Logs track events that occurred on the system
Built In Reports
4 predefined categories of reports
- Applications
- Threats
- URL Filtering
- Traffic
Each shows a 24 Hour period
Reports can be exported
- PDF
- .csv
-
User Defined Reports
5 Databases to pull from
- Application Summary
- Traffic log and summary
- Threat log and summary
Can pick columns to include and set their order
Can build filter conditions for the data displayed
Working With Custom Reports
Gives most commonly blocked URLs for a user
By changing the user name filter at run time, the report is more flexible
-
Summary Reports
PDF Summary reports aggregate multiple reports into one document.
Select any reports from the built in or custom lists
Arrange them on the page as needed
Report Groups
-
Scheduling and Emailing Reports
Specific report groups can be automatically generated and emailed as needed
Panorama Reporting
Same range of reporting as individual devices
Reports show an aggregate of data
[Diagram labels: Panorama; Device A; Device B]
-
Thank You