Hello;
My dashboard "All WildFire Events by Category" does not show activity other than benign, is there something I need to perform or enable in order to see deny activity?
PS I am using latest versions of the PA app.
Thank you,
-mi
The dashboard shows "Last 60 minutes" - hit the "Open in search" button and change to a larger scope - you may not have any Malicious files in the logs for the last hour
Thank you, however I had already done this, and went a day prior; still unable to see other than benign.
But are you sure there are any non-benign files?
Yes, my PA recently denied an inbound SMTP connection. I am able to see the returned email, but the action never appears on my Splunk dash.