Threat log forwarding from unlicensed PA device?

Reply
Highlighted
L4 Transporter

Threat log forwarding from unlicensed PA device?

Hi folks,

I believe I know the answer, but wanting to make sure I understand.  I am configuring log forwarding to a Varonis server for testing.  I've been sending the traffic log, but Varonis will only process the Threat log.  

 

I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general.  I assuming this is because my device is unlicensed?  Pa200 7.1.15.  I guess I was hoping that something (anything) would go through.

 

Just checking if there are comments before I give up for now.  :)

 

pasyslog.jpg

Tags (1)
L4 Transporter

Re: Threat log forwarding from unlicensed PA device?

Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.

 

You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.

 

Thanks

L4 Transporter

Re: Threat log forwarding from unlicensed PA device?

I think you can forward the threat logs  without having the threat license.

L4 Transporter

Re: Threat log forwarding from unlicensed PA device?

Without a licence there are no threats to forward.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!