Working With Data PaloAlto Training print.indd 120 PaloAlto Training print.indd 120 3/8/10 2:41 PM 3/8/10 2:41 PM

PaloAlto Training Print 120-129

  • Upload
    mayirm

  • Working With Data

  • Agenda

    Logs

    - Traffic Logs

    - Threat Logs

    - URL Logs

    - Data Filtering Logs

    - Config and System Logs

    Reports

    - Custom Reports

    - Scheduled Email Reports

    Panorama Reports

    2009 Palo Alto Networks. Proprietary and Confidential 3.0-aPage 2 |

  • Traffic Logs

    Anything logged from a Policy is viewed in the Traffic Logs

    By default, logs are generated at the end of a session

    Threat Logs

    Anything logged from an AV, Spyware or Vulnerability Profile is viewed in the Threat Logs

  • URL Filtering Log

    Any actions triggered by a URL filtering Profile are recorded in the URL Filtering Log

    Data Filtering Log

    Any events triggered by File Blocking or Data Filtering Profiles are recorded in the Data Filtering Log

  • Log Details

    Details provide more information about the traffic in the log

    Useful data in this view includes:

    - Did the traffic undergo NAT?

    - Was the traffic SSL decrypted?

    - Ingress and egress interfaces

    - Was this a captive portal session?

    All Logs have details

    Filters

    Can be dynamically built from log data

    Can be built using the filter editor

    Can be saved for later use

  • Configuration and System Logs

    Configuration logs track who changed what on the device

    System Logs track events that occurred on the system

    Built In Reports

    4 predefined categories of reports

    - Applications

    - Threats

    - URL Filtering

    - Traffic

    Each shows a 24 Hour period

    Reports can be exported

    - PDF

    - .csv

  • User Defined Reports

    5 Databases to pull from

    - Application Summary

    - Traffic log and summary

    - Threat log and summary

    Can pick columns to include and set their order

    Can build filter conditions for the data displayed

    Working With Custom Reports

    Gives most commonly blocked URLs for a user

    By changing the user name filter at run time the report is more flexible

  • Summary Reports

    PDF Summary reports aggregate multiple reports into one document.

    Select any reports from the built in or custom lists

    Arrange them on the page as needed

    Report Groups

  • Scheduling and Emailing Reports

    Specific report groups can be automatically generated and emailed as needed

    Panorama Reporting

    Same range of reporting as individual devices

    Reports show an aggregate of data

    [Diagram: Panorama with Device A and Device B]

  • Thank You
