I believe I know the answer, but wanting to make sure I understand. I am configuring log forwarding to a Varonis server for testing. I've been sending the traffic log, but Varonis will only process the Threat log.
I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general. I assuming this is because my device is unlicensed? Pa200 7.1.15. I guess I was hoping that something (anything) would go through.
Just checking if there are comments before I give up for now. :)
Solved! Go to Solution.
Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.
You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!