Threat Log filter by 'Name' field


L3 Networker

I've got a potential client that is trying to filter the threat log by the threat 'Name' field.  He wants to see all from a specific threat.

Normally you click on the item and it puts it in the filter bar but here when you click on the name you get a pop up with the details on that threat.  I've tried a bunch of combinations and can't find anything that will filter on the threat name.

Is there syntax for that field?  Another way to filter that traffic?

Thanks.

Matt


L5 Sessionator

You can use Threat ID instead.

If you click the threat Name, you can see the threat details.

This window contains the threat ID.

You can use this as follows:

(threatid eq xxxxx)

Regards,

L5 Sessionator

Agree with emr

You can alternatively just choose the Threat Id from the Available columns in the Threat logs as shown in the Snapshot.

Threats details can also be searched from the Threat Vault.

https://threatvault.paloaltonetworks.com/

Threat Logs.PNG

L3 Networker

If I could do two correct answers I would've.  I had to choose and being lazy like all good net engineers, I chose the path of least resistance.  I added the column.  But, both worked and worked perfectly.

Thank you both!

L4 Transporter

There should be the capability to filter using text from the Name field also. If you want to search for, let's say, Microsoft vulnerabilities, you should be able to filter using the name field. This would allow an admin to find out what vulnerabilities are trying to be exploited and whether clients or servers have been patched for those vulnerabilities.

The inherent vice of capitalism is the unequal sharing of blessings; the inherent virtue of socialism is the equal sharing of miseries.

+1 for the ability to search on threat name and use some sort of wildcard language.
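As an added example (not part of any post in this thread), one way to approximate the wildcard name search requested above is to match names in an exported threat log offline and turn the matching IDs into the `(threatid eq N)` syntax given earlier, joined with `or`. The CSV column names `Threat ID` and `Name` and all sample rows are constructed assumptions; adjust them to the actual export.

```python
import csv
import fnmatch
import io

# Constructed sample of an exported threat log. The column names "Threat ID"
# and "Name" are assumptions; the IDs and names are made up for illustration.
SAMPLE_CSV = """Threat ID,Name,Source,Destination
30001,Microsoft Windows SMB Example Vulnerability,10.0.0.5,10.0.1.20
30002,Example HTTP Directory Traversal,10.0.0.7,10.0.1.21
30003,Microsoft Office Example Memory Corruption,10.0.0.5,10.0.1.22
30001,Microsoft Windows SMB Example Vulnerability,10.0.0.9,10.0.1.20
"""


def threat_ids_matching(csv_text, pattern, id_col="Threat ID", name_col="Name"):
    """Return {threat_id: name} for rows whose name matches a wildcard pattern."""
    matches = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get(name_col) or "").strip()
        tid = (row.get(id_col) or "").strip()
        # Case-insensitive wildcard match; rows without a numeric ID are skipped.
        if tid.isdigit() and fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            matches.setdefault(int(tid), name)  # de-duplicate repeated threats
    return matches


def build_filter(threat_ids):
    """Join threat IDs into one filter string using the (threatid eq N) syntax."""
    return " or ".join(f"(threatid eq {tid})" for tid in sorted(threat_ids))


if __name__ == "__main__":
    found = threat_ids_matching(SAMPLE_CSV, "microsoft*")
    for tid, name in sorted(found.items()):
        print(tid, name)
    # Paste the resulting string into the threat log filter bar.
    print(build_filter(found))
```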
