topic log types supported by expedition in Expedition Discussions https://live.paloaltonetworks.com/t5/expedition-discussions/log-types-supported-by-expedition/m-p/260278#M1538 <P>We all know expedition is able to make use of traffic logs.</P> <P>But it's not clear which data from those logs are used ? I know it suggest app-id, but what about user-id(groups) ?</P> <P>PA have many more types of logs:</P> <P>auth, data, thread, traffic, tunnel, url, wildfire.</P> <P>Because one of the expedition outputs - rules, i believe it could make use of url and auth logs.</P> <P>But does it ?</P> <P>&nbsp;</P> <P>I'd like to see expedition to suggest</P> <UL> <LI>users/groups to security policy rules</LI> <LI>custon URL categories</LI> <LI>decryption and authentication rules(could be tricky)</LI> </UL> <P>P.S. I <span class="lia-unicode-emoji" title=":red_heart:">❤️</span>PA expedition</P> Wed, 08 May 2019 18:37:42 GMT Laimonas 2019-05-08T18:37:42Z log types supported by expedition https://live.paloaltonetworks.com/t5/expedition-discussions/log-types-supported-by-expedition/m-p/260278#M1538 <P>We all know expedition is able to make use of traffic logs.</P> <P>But it's not clear which data from those logs are used ? I know it suggest app-id, but what about user-id(groups) ?</P> <P>PA have many more types of logs:</P> <P>auth, data, thread, traffic, tunnel, url, wildfire.</P> <P>Because one of the expedition outputs - rules, i believe it could make use of url and auth logs.</P> <P>But does it ?</P> <P>&nbsp;</P> <P>I'd like to see expedition to suggest</P> <UL> <LI>users/groups to security policy rules</LI> <LI>custon URL categories</LI> <LI>decryption and authentication rules(could be tricky)</LI> </UL> <P>P.S. I <span class="lia-unicode-emoji" title=":red_heart:">❤️</span>PA expedition</P> Wed, 08 May 2019 18:37:42 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/log-types-supported-by-expedition/m-p/260278#M1538 Laimonas 2019-05-08T18:37:42Z Re: log types supported by expedition https://live.paloaltonetworks.com/t5/expedition-discussions/log-types-supported-by-expedition/m-p/260437#M1540 <P>only analyzes the traffic logs for now - to optimize for both app-ID and user-ID information. You will need to create a user-ID connector to mine the user-ID to IP mappings to enable the machine learning and rule enrichment to make security policy recommendations to further tighten access.</P> <P>&nbsp;</P> <P>No plans yet to make use of the other logs, the primary use cases are to focus on how to utilize app-ID and user-ID to reduce the access control footprints.</P> Thu, 09 May 2019 17:09:11 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/log-types-supported-by-expedition/m-p/260437#M1540 sjanita 2019-05-09T17:09:11Z