topic Re: Best/Most Efficient way to view exact URLs in General Topics

Best/Most Efficient way to view exact URLs

bafergel — Thu, 03 Jun 2021 16:59:28 GMT

We're currently in the process of moving over from Cisco to Palo and are still trying to work through everything.

We currently have a URL profile attached to every policy and the only actions we have on categories are allow and deny. Should we set everything to at least alert so that they would appear in the URL Filtering logs?

Is there a way to view what URL a client is going to within the threat logs? I know you can see the URL category in the threat logs but I can't find a way to see the actual URL they went to like what is displayed in the URL Filtering logs?

Re: Best/Most Efficient way to view exact URLs

bafergel — Thu, 03 Jun 2021 17:00:56 GMT

Correction, meant traffic logs instead of threat logs

Re: Best/Most Efficient way to view exact URLs

Remo — Fri, 04 Jun 2021 01:39:31 GMT

Hi @bafergel

You wrote the solution already. To see the urls the clients are going to, you have to set the action in the url filtering profile to alert for all the categories.

Re: Best/Most Efficient way to view exact URLs

ethiSEC — Fri, 04 Jun 2021 04:34:36 GMT

As @Retired Member said you need to set the action to alert. I generally have a URL filtering profile called URL-Alert where most actions are alert so I can monitor what's going on. I find this is very helpful when trying to build a tighter policy as the URL filtering engine allows you to see most FQDNs that are being requested.

Even on an alert profile I always set categories such as phishing, c2, malware et al to block as a layer of protection.