https://live.paloaltonetworks.com/t5/general-topics/application-and-threat-summary-report/m-p/22218#M16188 <HTML><HEAD></HEAD><BODY><P>Hello <A href="https://live.paloaltonetworks.com/u1/22578">OmarKhan</A>,</P><P></P><P>I believe you trying to figure out the top 5 attackers (in terms of countries) in your threat summary report. If that is the case, we should look at the Top5 source country column. In threat logs as compared to traffic logs, the source (attacker) and destination (victim) definitions are flipped. In your case, <SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">10.0.0.0-10.255.255.255</SPAN> are IP addresses in your LAN network - 10.0.0.0/8 which are referred as victims.</P><P></P><P>For example:</P><P>Traffic log:</P><P><IMG alt="" class="jiveImage" height="127" src="https://live.paloaltonetworks.com/legacyfs/online/10352_pastedImage_0.png" style="width: 1124.86px; height: 127px;" width="1125" /></P><P></P><P></P><P>Threat log:</P><P><IMG alt="" class="jiveImage" height="136" src="https://live.paloaltonetworks.com/legacyfs/online/10354_pastedImage_2.png" style="width: 1124.27px; height: 136px;" width="1124" /></P><P></P><P>In the above example, 192.168.0.0-192.168.255.255 are being attacked by an IP address from US : 173.199.132.56</P><P></P><P>Hope that helps!</P><P></P><P></P><P>Thanks and regards,</P><P>Kunal Adak</P></BODY></HTML> Tue, 17 Dec 2013 19:25:44 GMT kadak 2013-12-17T19:25:44Z https://live.paloaltonetworks.com/t5/general-topics/application-and-threat-summary-report/m-p/22217#M16187 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>i am confused a little bit when i found out that 10.0.0.0-10.255.255.255 is listed in Top 5 Destination country. What actually refers 10.0.0.0-10.255.255.255 in this instance?</P><P></P><P></P><P>Regards,</P></BODY></HTML> Tue, 17 Dec 2013 05:47:34 GMT https://live.paloaltonetworks.com/t5/general-topics/application-and-threat-summary-report/m-p/22217#M16187 OmarKhan 2013-12-17T05:47:34Z https://live.paloaltonetworks.com/t5/general-topics/application-and-threat-summary-report/m-p/22218#M16188 <HTML><HEAD></HEAD><BODY><P>Hello <A href="https://live.paloaltonetworks.com/u1/22578">OmarKhan</A>,</P><P></P><P>I believe you trying to figure out the top 5 attackers (in terms of countries) in your threat summary report. If that is the case, we should look at the Top5 source country column. In threat logs as compared to traffic logs, the source (attacker) and destination (victim) definitions are flipped. In your case, <SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">10.0.0.0-10.255.255.255</SPAN> are IP addresses in your LAN network - 10.0.0.0/8 which are referred as victims.</P><P></P><P>For example:</P><P>Traffic log:</P><P><IMG alt="" class="jiveImage" height="127" src="https://live.paloaltonetworks.com/legacyfs/online/10352_pastedImage_0.png" style="width: 1124.86px; height: 127px;" width="1125" /></P><P></P><P></P><P>Threat log:</P><P><IMG alt="" class="jiveImage" height="136" src="https://live.paloaltonetworks.com/legacyfs/online/10354_pastedImage_2.png" style="width: 1124.27px; height: 136px;" width="1124" /></P><P></P><P>In the above example, 192.168.0.0-192.168.255.255 are being attacked by an IP address from US : 173.199.132.56</P><P></P><P>Hope that helps!</P><P></P><P></P><P>Thanks and regards,</P><P>Kunal Adak</P></BODY></HTML> Tue, 17 Dec 2013 19:25:44 GMT https://live.paloaltonetworks.com/t5/general-topics/application-and-threat-summary-report/m-p/22218#M16188 kadak 2013-12-17T19:25:44Z