Visibility on Custom Threat Names
Custom spyware and vulnerability threat objects now appear in firewall logging and reporting.
You can create custom spyware and vulnerability threat objects with a custom Threat ID on Panorama at the per-device group level and push them to managed firewalls. PAN-OS 10.0 maps custom Threat IDs to the corresponding custom threat object name on the firewall and enables the firewall to generate a threat log populated with the configured custom Threat ID. Mapping the custom Threat IDs to the threat object name on the firewall gives you enhanced monitoring and visibility into your threat data, because you can correlate network events with specific custom threat objects.
For this example, we will configure a custom vulnerability object.
- Log in to the Panorama Web Interface.
- Configure the custom vulnerability object.
  - Select Objects > Custom Objects > Vulnerability and select the appropriate Device Group.
  - Add a new custom vulnerability object.
  - Enter the custom Threat ID.
  - Enter a descriptive Name for the custom vulnerability object.
  - Select the Severity to indicate the seriousness of the threat.
  - Select the Direction to indicate whether the threat is assessed from client to server, server to client, or both.
  - Configure any additional settings for the custom vulnerability object.
  - Select the Signatures tab and Add a new signature for the custom vulnerability object.
  - Click OK to save your configuration changes.
- Click Commit and Commit and Push your configuration changes.
- After your firewalls have processed traffic, select Monitor > Threat and export the threat log as a CSV.
- Navigate to the Threat/Content ID field to review whether a network threat incident was logged against the custom vulnerability object you created. See Threat Log Fields for more information on the threat syslog field descriptions.
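The review in the last step can be scripted once the CSV is exported. The following is an added example, not Palo Alto Networks code: it counts log rows per firewall for one custom Threat ID and lists rows where the object name is missing from the threat field. The column headers, the `Name(ID)` value format, and every sample value are assumptions; adjust them to match your export.

```python
import csv
import io
import re
from collections import Counter

# Assumed column headers; match them to the header row of your own export.
THREAT_COL = "Threat/Content ID"
DEVICE_COL = "Device Name"

# Constructed sample export (all names, IDs and addresses are made up).
SAMPLE_CSV = """\
Receive Time,Device Name,Source address,Destination address,Threat/Content ID,Severity
2024/01/01 10:00:00,fw-branch-1,10.0.0.5,192.0.2.10,Example-Custom-Vuln(41000),high
2024/01/01 10:02:11,fw-branch-1,10.0.0.7,192.0.2.10,Example-Custom-Vuln(41000),high
2024/01/01 10:03:40,fw-branch-2,10.1.0.9,192.0.2.10,41000,high
2024/01/01 10:05:02,fw-branch-2,10.1.0.9,198.51.100.4,Other-Signature(99999),low
"""

# Accepts "Name(ID)"; the name itself may contain parentheses.
_NAME_ID = re.compile(r"^(?P<name>.*?)\s*\((?P<id>\d+)\)\s*$")


def split_threat_field(value):
    """Return (name, threat_id) from 'Name(ID)' or from a bare numeric ID."""
    value = value.strip()
    match = _NAME_ID.match(value)
    if match:
        return match.group("name") or None, int(match.group("id"))
    if value.isdigit():
        return None, int(value)
    return value or None, None


def audit_custom_threat(csv_text, threat_id, expected_name):
    """Count log rows per firewall for one custom Threat ID and collect
    rows whose threat field lacks the expected object name."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if THREAT_COL not in (reader.fieldnames or []):
        raise KeyError(f"column {THREAT_COL!r} not found in export header")
    hits, unmapped = Counter(), []
    for row in reader:
        name, tid = split_threat_field(row[THREAT_COL] or "")
        if tid != threat_id:
            continue
        device = row.get(DEVICE_COL) or "unknown"
        hits[device] += 1
        if name != expected_name:
            unmapped.append((device, row[THREAT_COL]))
    return dict(hits), unmapped
```

A firewall that reports the Threat ID without the object name shows up in the second return value, which is the case to follow up on when checking that the pushed object is mapped on every managed firewall.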