Device > Setup > Telemetry
End-of-Life (EoL)
Telemetry is the process of collecting and transmitting
data for analysis. When you enable telemetry on the firewall, the
firewall collects and forwards data that includes information on
applications, threats, device health, and passive DNS to Palo Alto
Networks. All Palo Alto Networks users benefit from the data that
each telemetry participant shares, making telemetry a community-driven
approach to threat prevention. Learn more about telemetry and its benefits.
Telemetry is an opt-in feature and, for most telemetry data,
you can preview the information that the firewall collects. Palo
Alto Networks does not share your telemetry data with other customers
or third-party organizations.
Select Device > Setup > Telemetry to choose telemetry
data to share with Palo Alto Networks. The Threat Prevention Data
and Threat Prevention Packet Captures reports provide Palo Alto
Networks more visibility into your network traffic than other telemetry
reports.
Telemetry Settings | Description |
---|---|
Report Sample | Click a report sample ( A report can consist of multiple reports: A report sample does not display any entries if the firewall did not find any matching traffic for the report. You can only generate a new report sample when you restart the firewall. |
Application Reports (Disabled by default) | Share the number and size of known applications grouped by destination port, unknown applications grouped by destination port, and unknown applications grouped by destination IP address. The firewall generates these reports from Traffic logs. When enabled, the firewall forwards Application Reports every 4 hours. |
Threat Prevention Reports (Disabled by default) | Share the number of threats for each source country and destination port, attacker information, and the correlation objects that threat events triggered when the firewall was collecting data for these reports. When enabled, the firewall forwards Threat Prevention Reports every 4 hours. |
URL Reports (Disabled by default) | Share reports generated from URL filtering logs with the following PAN-DB URL categories: malware, phishing, dynamic DNS, proxy-avoidance, questionable, parked, and unknown (URLs that PAN-DB has not yet categorized). The firewall also sends PAN-DB statistics at the time that the data for the URL Reports was collected. These statistics include the version of the URL filtering database on the firewall and on the PAN-DB cloud, the number of URLs in those databases, and the number of URLs that the firewall categorized. These statistics are based on the time that the firewall forwarded the URL Reports. When enabled, the firewall forwards URL Reports every 4 hours. |
File Type Identification Reports (Disabled by default) | Share reports about files that the firewall allowed or blocked based on data filtering When enabled, the firewall forwards File Type Identification Reports every 4 hours. |
Threat Prevention Data (Disabled by default) | Share logs from threat events that triggered signatures that Palo Alto Networks is evaluating. The collected information may include source or victim IP addresses. Enabling this option also allows unreleased signatures—that Palo Alto Networks is currently testing—to run in the background. These signatures do not affect your security policy rules and firewall logs and have no impact on your firewall performance. When enabled, the firewall forwards Threat Prevention Data every 5 minutes. Click Download Threat Prevention Data ( |
Threat Prevention Packet Captures (Disabled by default) | Share packet captures (if you enabled your firewall to take threat packet captures When enabled, the firewall forwards Threat Prevention Packet Captures every 5 minutes. To enable Threat Prevention Packet Captures, you must also enable Threat Prevention Data. |
Product Usage Statistics (Disabled by default) | Share back traces of firewall processes that have failed, as well as information about the firewall status. Back traces outline the execution history of the failed processes. Product Usage Statistics also include details about the firewall model and the PAN-OS and content release versions installed on your firewall. To view the information that the firewall sends as Product Usage Statistics, enter the following operational CLI command: show system info. When enabled, the firewall forwards Product Usage Statistics every 5 minutes. |
Passive DNS Monitoring (Disabled by default) | Allow the firewall to act as a passive DNS sensor and send DNS information to Palo Alto Networks for analysis. The data you share through passive DNS monitoring consists solely of domain-to-IP address mappings. The Palo Alto Networks threat research team uses this information to improve PAN-DB URL category and DNS-based C2 signature accuracy and WildFire malware detection. Passive DNS monitoring is a global setting that applies to all firewall traffic. When enabled, the firewall forwards Passive DNS Monitoring data in 1MB batches. |
Select All | Enable all telemetry settings. |
Deselect All | Disable all telemetry settings. |
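
To make concrete what "domain-to-IP address mappings" means in the Passive DNS Monitoring row, the following added example (not PAN-OS code, and not taken from this page) parses a raw DNS response and keeps only the name and address from each A/AAAA answer. The function names and the sample packet are constructed for illustration; how the firewall itself builds its batches is not described here.

```python
import socket
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if resume is None:
                resume = off + 2               # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # malformed packet: pointer loop
                raise ValueError("DNS compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels).lower(), (resume if resume is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def passive_dns_mappings(msg):
    """Return sorted (domain, ip) pairs from the A/AAAA answers of a response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                     # QR bit clear: a query, no answers
        return []
    off = 12
    for _ in range(qd):                        # skip the question section
        _, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    pairs = set()
    families = {(1, 4): socket.AF_INET, (28, 16): socket.AF_INET6}
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        family = families.get((rtype, rdlen))
        if family is not None:                 # ignore CNAME, TXT, etc.
            pairs.add((name, socket.inet_ntop(family, rdata)))
    return sorted(pairs)

def sample_response():
    """Constructed response for example.test with two A records (RFC 5737 IPs)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    rr = lambda ip: b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + rr("192.0.2.10") + rr("192.0.2.11")
```

The requesting client's address is carried in the IP header, outside the DNS message, so a record built this way holds the queried name and the answer addresses only.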