Palo Alto BotNet Reports

Hi!

I've got a question about the BotNet reports available on Palo Alto firewalls. Maybe someone has experience with how accurate they are, what logic they use, and how to better tune them to display more precise information?

At this point I have all default settings configured. But I have noticed that some of the web sites categorized by Palo Alto as malicious or malware are just web-ad banners and are not so critical. If web-ads are blocked by our firewall policy, will it affect the BotNet report behavior?

Thank you in advance.

Best regards,

Andrejs Cvetkovs

Re: Palo Alto BotNet Reports

The web banner agencies are a vector of attack that malicious actors are using now. They purchase ads from these legitimate vendors and get malicious links sent out via these ad services. The specific services will come on and off the list as actual malicious links are detected and removed, the same way that a compromised legitimate web site gets onto the list.

The botnet report is letting you know about activity to sites that are on the malicious link list. They may or may not actually be compromised; it requires follow-up.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Re: Palo Alto BotNet Reports

Thank you very much for your response, Steven!

I think it also answers the question regarding report configuration tuning: it all depends on after how many visits I want an entry to be added to the report.
