Learn about Security Alerts
Table of Contents
Expand all | Collapse all
-
- Firewall and PAN-OS Support of IoT Security
- IoT Security Prerequisites
- Onboard IoT Security
- Onboard IoT Security on VM-Series with Software NGFW Credits
-
- DHCP Data Collection by Traffic Type
- Firewall Deployment Options for IoT Security
- Configure a Pre-PAN-OS 10.0 Firewall with a DHCP Server
- Configure a Pre-PAN-OS 10.0 Firewall for a Local DHCP Server
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Plan for Scaling when Your Firewall Serves DHCP
- Prepare Your Firewall for IoT Security
- Configure Policies for Log Forwarding
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
- IoT Security Integration with Prisma Access
- IoT Security Licenses
- Offboard IoT Security Subscriptions
-
- Introduction to IoT Security
- IoT Security Integration with Next-generation Firewalls
- IoT Security Portal
- Vertical-themed Portals
- Device-to-Site Mapping
- Sites and Site Groups
- Networks
- Network Segments Configuration
- Reports
- IoT Security Integration Status with Firewalls
- IoT Security Integration Status with Prisma Access
- Data Quality Diagnostics
- Authorize On-demand PCAP
- IoT Security Integrations with Third-party Products
- IoT Security and FedRAMP
Learn about Security Alerts
There are several ways to learn that a security alert
occurred.
There are several ways to learn about security alerts. IoT Security can
automatically notify you by text and email, depending on the methods you enable in your
account preferences. Even if you don’t have alert notifications enabled, you might still
be notified when another user assigns you an alert for investigation.
You can also learn of alerts in the IoT Security portal itself by checking the Alerts
section on the Security Dashboard, hovering over device names on the Devices page, and
by viewing the Security Alerts page.
A way to learn about alerts in the IoT Security portal is in the Alerts section on the Security
Dashboard. You can organize the alerts on display by severity (low, medium, high,
critical), status (detected, investigating, remediating, resolved), device category (for
example: audio streaming, IT server, point-of-sale system), or alert type (for example:
security risk, unsecure protocol, user policy). When viewing by severity, the numbers in
the Alerts column are clickable. Clicking one of them opens the AlertsSecurity AlertsAll Alerts page with a filter applied to show only the alerts matching the item you
clicked.
When you hover your cursor over a device name on the Devices
page, the IoT Security portal displays a pop-up panel with information
about the device, including a list of alerts if there are any. Clicking
one of the alert names opens the Alert Details page for it.
Click the name of an alert to open the Alert Details page in
a new browser window.
Security Alert and System Alert Notification
In addition to viewing security alerts in the IoT Security portal or being
notified to investigate an alert, IoT Security also sends email and text
notifications automatically when events trigger them. It does this for two types of
alerts:
- Security Alerts – These alerts pertain to the devices IoT Security is monitoring and are triggered by behavioral changes that indicate a potential attack. Here's an example of a security alert notification:Palo Alto Networks IoT Policy Alert for Super Micro Computer device: (Warning) SSH User Authentication Brute Force. This event indicates a brute force attack through multiple login attempts to an SSH server.System Alerts – These alerts pertain to next-generation firewalls. Currently only an outdated application content package triggers a system alert notification.IoT Security sends these notifications after a user with owner privileges enables them to be sent to all owners (enabled by default) or adds users to a list for notification on AdministrationNotification Management.The owner can add existing admin users by choosing them from a drop-down list that appears. These users receive notifications by email or text or both depending on their user preferences. The owner can also type in the individual email addresses or distribution lists of users whose email addresses share the same domain of one of the owners. (IoT Security rejects any address with a domain that's not shared by an owner.) These users receive notifications by email. If an owner disables Send to all the owners, then only those in the email lists will receive notifications.