Re: Palo Alto Networks - threats and webfiltering

mjcocat · ‎05-17-2013

I followed the instructions for setting up the Palo Alto app, and things seem to be working OK with the exception of certain logs. I have nothing showing up for threats and/or web filtering. I know for a fact that the rule I am logging has blocked certain websites.

darlas · ‎06-20-2014

I have a similar issue but with the Content and Wildfire dashboards not showing any data. I have data on the Overview, Traffic and Threat dashboards.

Any ideas?

mjcocat · ‎05-17-2013

The problem was that I didn't enable the threat logs on the PA, just traffic logs. Thanks for the follow up!

monzy · ‎05-17-2013

can you find the threat log or the web traffic log when you do search ? e.g. what do you get results when you run the following search in the search bar
index=pan_logs threat | head 100

if you don't get any results then a change has to be made on the firewall side to send the appropriate logs. if you do get results and you are not seeing anything in a dashboard, then please share a couple of log lines so we can confirm that they match what the app expects.

Palo Alto Networks - threats and webfiltering

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk