HTTP Headers in Threat Log?


L2 Linker

Hi,

 

Is there any possibility to see the HTTP headers in the Threat Log? For example, I want to protect a shared hosting environment, and in the threat log (vulnerability profile, WordPress Login BruteForce Attempt) I can only see "wp-login.php" as the "URL" and not "www.example.com/wp-login.php" (see screenshot TP-Log.png).

I can already configure advanced HTTP Header Logging for the URL Profile, but is it also possible for other security profiles?

 

Thanks.

Accepted Solutions

In your threat log details, at the top right, there should be "Session ID".

Take this number and go to the URL log.

Use the following filter, but replace the number with your session ID:

(sessionid eq 480652)

Do you see any log entries?

As there is a limited number of session ID numbers, they are reused, so look in the same time range when the threat happened.

I can see the URL in the threat log output with 7.0.3, for example.

 

threat.PNG

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
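
The lookup described in this answer, done offline over exported log records, as an added example that is not part of the original post: it joins threat entries to URL-log entries on session ID and only accepts matches inside a time window, because session IDs are reused. The field names, timestamp layout, timestamps and hostnames are constructed assumptions, not the firewall's export format.

```python
from datetime import datetime, timedelta

FMT = "%Y/%m/%d %H:%M:%S"  # assumed timestamp layout for this sketch

# Constructed sample records. Field names are assumptions, not the
# firewall's real export columns. Session 480652 is deliberately reused.
THREAT_LOG = [
    {"time": "2016/03/01 10:15:02", "sessionid": 480652, "url": "wp-login.php"},
    {"time": "2016/03/01 18:40:11", "sessionid": 480652, "url": "wp-login.php"},
    {"time": "2016/03/01 19:02:45", "sessionid": 512345, "url": "wp-login.php"},
]
URL_LOG = [
    {"time": "2016/03/01 10:15:01", "sessionid": 480652,
     "url": "www.example.com/wp-login.php"},
    {"time": "2016/03/01 18:40:10", "sessionid": 480652,
     "url": "blog.example.net/wp-login.php"},
    {"time": "2016/03/01 10:15:03", "sessionid": 480700,
     "url": "www.example.org/"},
]


def _ts(entry):
    return datetime.strptime(entry["time"], FMT)


def correlate(threats, urls, window=timedelta(seconds=60)):
    """Pair each threat entry with the URL-log entries that share its
    session ID and fall within `window` of it, closest first."""
    by_session = {}
    for u in urls:
        by_session.setdefault(u["sessionid"], []).append(u)
    pairs = []
    for t in threats:
        when = _ts(t)
        hits = [u for u in by_session.get(t["sessionid"], [])
                if abs(_ts(u) - when) <= window]
        hits.sort(key=lambda u: abs(_ts(u) - when))
        pairs.append((t, hits))
    return pairs


def full_urls(threats, urls, window=timedelta(seconds=60)):
    """Full URLs per threat entry; an empty list means no URL-log match."""
    return [[u["url"] for u in hits]
            for _, hits in correlate(threats, urls, window)]


if __name__ == "__main__":
    for threat, hits in correlate(THREAT_LOG, URL_LOG):
        print(threat["time"], threat["sessionid"],
              [h["url"] for h in hits] or "no URL log entry in window")
```

Widening the window to a full day makes both hostnames match each entry for session 480652, which is the ambiguity the time-range advice avoids.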

3 REPLIES

L2 Linker

I think you want to enable the setting as below. Note this will increase the amount of data logged.

 

Untitled.png

 

L2 Linker

Hi,

 

Thanks for your help.

I have just checked my URL Profile - after setting every URL Category to "alert" I can now see the full URL in the Threat Log.

 

The Header Options in URL Profile were already set.

 

 
