Session Information Sharing
Where Can I Use
This? | What Do I Need? |
-
Prisma Access (Managed by Strata Cloud Manager)
-
Prisma Access (Managed by Panorama)
-
NGFW (Managed by Strata Cloud Manager)
-
NGFW (Managed by PAN-OS or Panorama)
-
VM-Series
-
CN-Series
|
-
Advanced WildFire License
For Prisma Access, this is usually included with your
Prisma Access license.
|
In addition to forwarding unknown and blocked samples for analysis,
the firewall also forwards information about the network session
for a sample. Palo Alto Networks uses session information to learn
more about the context of the suspicious network event, indicators
of compromise related to the malware, affected hosts and clients,
and applications used to deliver the malware.
Forward of session information is enabled by default; however,
you can adjust the default settings and choose what type of session
information is forwarded to one of the WildFire cloud options.
Session Information Sharing (Cloud Management)
If you’re using Panorama to manage Prisma Access:
Toggle over to the PAN-OS tab
and follow the guidance there.
If you’re using Prisma Access Cloud Management, continue here.
- Use the credentials associated with your Palo Alto Networks support account and
log in to the Strata Cloud Manager application on the hub.
- Select and configure your Session Information
Settings options.
Source IP—Forward the source
IP address that sent the unknown file.
Source Port—Forward the source port
that sent the unknown file.
Destination IP—Forward the destination
IP address for the unknown file.
Destination Port—Forward the destination
port for the unknown file.
Virtual System—Forward the virtual
system that detected the unknown file.
Application—Forward the user application
that transmitted the unknown file.
User—Forward the targeted user.
URL—Forward the URL associated with
the unknown file.
Filename—Forward the name of the unknown
file.
Email sender—Forward the sender of
an unknown email link (the name of the email sender also appears
in WildFire logs and reports).
Email recipient—Forward the recipient
of an unknown email link (the name of the email recipient also appears
in WildFire logs and reports).
Email subject—Forward the subject
of an unknown email link (the email subject also appears in WildFire
logs and reports).
- Save your changes.
Session Information Sharing (PAN-OS & Panorama)
- Log in to the PAN-OS web interface.
- Select and select or clear
the following Session Information Settings options.
Source IP—Forward the source
IP address that sent the unknown file.
Source Port—Forward the source port
that sent the unknown file.
Destination IP—Forward the destination
IP address for the unknown file.
Destination Port—Forward the destination
port for the unknown file.
Virtual System—Forward the virtual
system that detected the unknown file.
Application—Forward the user application
that transmitted the unknown file.
User—Forward the targeted user.
URL—Forward the URL associated with
the unknown file.
Filename—Forward the name of the unknown
file.
Email sender—Forward the sender of
an unknown email link (the name of the email sender also appears
in WildFire logs and reports).
Email recipient—Forward the recipient
of an unknown email link (the name of the email recipient also appears
in WildFire logs and reports).
Email subject—Forward the subject
of an unknown email link (the email subject also appears in WildFire
logs and reports).
- Click OK to save your changes.