paloaltonetworks:logs:threat-logs

Differences

paloaltonetworks:logs:threat-logs [2020/06/04 09:12] – created bstafford
paloaltonetworks:logs:threat-logs [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 6: Line 6:
 ===== Threats ===== ===== Threats =====
 <code>( subtype eq wildfire-virus ) and ( severity eq medium )</code> <code>( subtype eq wildfire-virus ) and ( severity eq medium )</code>
 +<code>( subtype eq ml-virus ) and ( severity eq medium )</code>
 <code>( subtype eq virus ) and ( severity eq medium )</code> <code>( subtype eq virus ) and ( severity eq medium )</code>
 <code>( subtype eq spyware ) and ( action eq sinkhole )</code> <code>( subtype eq spyware ) and ( action eq sinkhole )</code>
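Review bot: the added ml-virus filter, like the wildfire-virus and virus filters beside it, matches only `severity eq medium`, so detections logged at high or critical severity fall outside all three; if the intent is medium and above, `( severity geq medium )` covers them in a single filter. A one-line note on what each filter is meant to surface would also help readers of the page.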
Line 18: Line 19:
  
 ===== Triggered by Zone Protection Profile ===== ===== Triggered by Zone Protection Profile =====
-<code>( subtype eq scan ) and ( name-of-threatid eq 'SCAN: Host Sweep' )</code>+<code>( subtype eq scan ) and ( name-of-threatid eq 'SCAN: Host Sweep' ) and ( severity eq medium)</code> 
 +<code>( subtype eq scan ) and ( name-of-threatid eq 'SCAN: TCP Port Scan' ) and ( severity eq medium)</code> 
 +<code>( subtype eq scan ) and ( name-of-threatid eq 'SCAN: UDP Port Scan' ) and ( severity eq medium)</code>
 <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP SYN with data' ) and ( severity eq informational )</code> <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP SYN with data' ) and ( severity eq informational )</code>
 <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP SYN with data' ) and ( severity eq informational )</code> <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP SYN with data' ) and ( severity eq informational )</code>
 <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP Fast Open' ) and ( severity eq informational )</code> <code>( subtype eq packet ) and ( name-of-threatid eq 'TCP Fast Open' ) and ( severity eq informational )</code>
 +<code>( subtype eq packet ) and ( name-of-threatid eq 'IP Option Record Route' ) and ( severity eq informational )</code>
  
 ===== Zone Protection Profile - Flood Protection - ALERT ===== ===== Zone Protection Profile - Flood Protection - ALERT =====
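Review bot: the rewritten 'SCAN: Host Sweep' line and the two new port-scan lines close the severity clause as `medium)` without the space used everywhere else on the page (`medium )`); worth aligning so the filters paste consistently. Separately, the 'TCP SYN with data' filter still appears twice in this hunk in both versions; this change was a chance to drop the duplicate.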
Line 32: Line 36:
 <code>( subtype eq flood ) and ( name-of-threatid eq 'TCP Flood' ) and ( action eq drop ) and ( severity eq critical )</code> <code>( subtype eq flood ) and ( name-of-threatid eq 'TCP Flood' ) and ( action eq drop ) and ( severity eq critical )</code>
 <code>( subtype eq flood ) and ( name-of-threatid eq 'ICMP Flood' ) and ( action eq drop ) and ( severity eq critical )</code> <code>( subtype eq flood ) and ( name-of-threatid eq 'ICMP Flood' ) and ( action eq drop ) and ( severity eq critical )</code>
 +===== DoS Protection Profile/Policy ===== 
 +<code>( subtype eq flood ) and (name-of-threatid eq 'Session Limit Event') and ( action eq drop ) and ( severity eq critical )</code>
  
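Review bot: the new Session Limit Event filter pins both `action eq drop` and `severity eq critical`, so a DoS Protection policy configured to alert rather than drop will not match; if that case matters, a second filter with `action eq alert` covers it. Style: `(name-of-threatid eq 'Session Limit Event')` drops the spaces inside the parentheses that every other filter on the page uses.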
paloaltonetworks/logs/threat-logs.1591261963.txt.gz · Last modified: (external edit)