https://live.paloaltonetworks.com/t5/general-topics/exfiltration-detection/m-p/148790#M49648 <P>Hi all,</P><P>&nbsp;</P><P>Accoding my experience, it's not possible in the palo.</P><P>But what you can do is exporting logs in SIEM and create your own report in SIEM.</P><P>If you want to take action, use the XML API between SIEM and Palo.</P><P>&nbsp;</P><P>hope help.</P><P>&nbsp;</P><P>Rgds</P> Wed, 22 Mar 2017 08:28:07 GMT VinceM 2017-03-22T08:28:07Z https://live.paloaltonetworks.com/t5/general-topics/exfiltration-detection/m-p/148733#M49636 <P>Has anyone&nbsp;set up a PAN alert for egress bandwidth utilization? For example: If any internal host transfers more than (x) GB in (y) Minutes to the Internet - throw an alert.&nbsp;</P> Tue, 21 Mar 2017 21:12:43 GMT https://live.paloaltonetworks.com/t5/general-topics/exfiltration-detection/m-p/148733#M49636 BrendanOConnell 2017-03-21T21:12:43Z https://live.paloaltonetworks.com/t5/general-topics/exfiltration-detection/m-p/148790#M49648 <P>Hi all,</P><P>&nbsp;</P><P>Accoding my experience, it's not possible in the palo.</P><P>But what you can do is exporting logs in SIEM and create your own report in SIEM.</P><P>If you want to take action, use the XML API between SIEM and Palo.</P><P>&nbsp;</P><P>hope help.</P><P>&nbsp;</P><P>Rgds</P> Wed, 22 Mar 2017 08:28:07 GMT https://live.paloaltonetworks.com/t5/general-topics/exfiltration-detection/m-p/148790#M49648 VinceM 2017-03-22T08:28:07Z