Security alerts section empty
L2 Linker

Hello, we ran into an issue where the AIOps page for the firewalls has the security alerts and recommendations missing.

Other sections seem to be OK and displaying health alerts and data, but this one is empty.

On a call a Palo engineer said that this is known to the AIOps backend team and we need to open a case and have it routed to the backend, but going through a case normally, the support engineers are taking a long time and then in the end sending us to the LIVEcommunity website.

Does anyone know how to resolve this and get in touch with the people that can fix this?



Accepted Solutions


L3 Networker

Hello @PRyncevic,

 

As per the update from the backend team, the alerts and their "Last Alert Updated" value would not be updated if there is no change in severity.

 

Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*

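The backend behaviour described in this reply (the "Last Alert Updated" value only moves when an alert's severity changes) is what makes a stale alert timestamp, such as the Aug 11 "last update" mentioned further down the thread, ambiguous on its own: it cannot distinguish "nothing changed" from "telemetry stopped", so the check has to be made against the device's last telemetry check-in instead. The Python below is an added illustration of that distinction, not Palo Alto Networks code or the AIOps data model; the alert store, the check names, the device names, the dates and the two-hour gap threshold are all constructed assumptions.

```python
"""Constructed model of the alert-timestamp behaviour described above.

Added illustration, not Palo Alto Networks code or the AIOps data model:
the store bumps an alert's last_updated only when its severity changes, so a
stale timestamp by itself cannot tell "nothing changed" from "telemetry stopped".
The device names, check names and timestamps are all made up.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    device: str
    check: str               # hypothetical best-practice check name
    severity: str
    last_updated: datetime   # what the UI would show as "Last Alert Updated"
    last_seen: datetime      # every time the check was re-evaluated (not shown in the UI)


@dataclass
class AlertStore:
    alerts: dict = field(default_factory=dict)   # (device, check) -> Alert

    def ingest(self, device: str, check: str, severity: str, observed_at: datetime) -> Alert:
        """Apply one evaluation of a check; re-stamp only on a severity change."""
        key = (device, check)
        cur = self.alerts.get(key)
        if cur is None:
            cur = self.alerts[key] = Alert(device, check, severity, observed_at, observed_at)
        elif cur.severity != severity:
            cur.severity = severity
            cur.last_updated = observed_at
            cur.last_seen = observed_at
        else:
            cur.last_seen = observed_at     # re-evaluated, but last_updated stays put
        return cur


def triage(store: AlertStore, telemetry_last_received: dict, now: datetime,
           max_gap: timedelta = timedelta(hours=2)) -> dict:
    """Per device: 'telemetry-stalled' if its last check-in is older than max_gap,
    otherwise 'ok' (unchanged alert timestamps are then expected, not a fault)."""
    devices = {dev for dev, _ in store.alerts} | set(telemetry_last_received)
    verdicts = {}
    for dev in sorted(devices):
        last_rx = telemetry_last_received.get(dev)
        stalled = last_rx is None or now - last_rx > max_gap
        verdicts[dev] = "telemetry-stalled" if stalled else "ok"
    return verdicts


def demo():
    """Walk-through on constructed data loosely following the thread's dates."""
    store = AlertStore()

    def day(d: int, h: int = 0) -> datetime:
        return datetime(2022, 8, d, h)

    # Both firewalls fail the same check from 11 Aug; fw-a is re-evaluated daily with
    # the same severity, so its last_updated never moves off 11 Aug.
    for d in range(11, 16):
        store.ingest("fw-a", "zone-protection-missing", "high", day(d))
    store.ingest("fw-b", "zone-protection-missing", "high", day(11))
    # A check whose severity rises on 13 Aug does get re-stamped.
    store.ingest("fw-a", "admin-password-policy", "medium", day(11))
    store.ingest("fw-a", "admin-password-policy", "high", day(13))
    # fw-b's last telemetry check-in was 12 Aug ~01:00; fw-a is still reporting.
    telemetry_last_received = {"fw-a": day(15), "fw-b": day(12, 1)}
    return store, triage(store, telemetry_last_received, now=day(15))


if __name__ == "__main__":
    store, verdicts = demo()
    for (dev, check), a in sorted(store.alerts.items()):
        print(f"{dev} {check}: {a.severity}, last updated {a.last_updated:%d-%b}, "
              f"last seen {a.last_seen:%d-%b}")
    print(verdicts)
```

The point of the split between `last_updated` and `last_seen` is that only the former is visible in the UI described here, so an operator who sees an old "Last Alert Updated" should look at whether the device is still checking in (in the real product, the telemetry status the support engineer asked for) before concluding that telemetry has stopped.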

17 Replies

L3 Networker

Hello @PRyncevic,

I need the following data to help you further:

1. Please share a screenshot of the Alerts tab in the left navigation panel of the summary page.

2. Please let me know whether any alerts were previously present in the Security Alerts tab.

3. Please confirm whether the devices are successfully onboarded and sending data.

Note: if you want to keep this information confidential, you can reply to me in private.

 

Regards,
Likith R
Product Specialist
Palo Alto Networks

L2 Linker

Hey Likith,

Please find the screenshot attached. It's empty; it was not populated before. These devices are sending data and I can see health alerts and the adoption pie chart, but the security alerts section is empty and does not fill up.

Thank you

Hi @PRyncevic -

 

In a Panorama-managed environment, the product looks at the config information from Panorama to create security alerts.

If Panorama itself is not sending telemetry in this case, please turn on telemetry from Panorama (make sure all 3 checkboxes are on under Settings > Telemetry) and this information should start appearing.

 

This is a Panorama-unmanaged firewall cluster.

L3 Networker

Hello @PRyncevic,

 

Could you please share the screenshot of the health alerts page?

 

Regards,
Likith R
Product Specialist
Palo Alto Networks

L3 Networker

Hello @PRyncevic,


As per the update from the backend team, there are no alerts that have been generated from the firewall and only health alerts are generated.

Also, as they are updating the security alerts from the backend, the alerts up to 10-Aug-2022 will be deleted and new alerts will be generated from 11-Aug-2022.

Please note that the Alerts tab will show alerts for a maximum of 90 days and the summary page will show alerts for a maximum of 30 days.

 

Regards,
Likith R
Product Specialist
Palo Alto Networks

> there are no alerts that have been generated from the firewall and only health alerts are generated.

There are definitely security alerts that should be generated, as the firewall is absolutely not following every Palo best practice. This was the core of the issue because security alerts should be there.

> Also as they are updating the security alerts from the backend the alerts till 10-Aug-2022 will be deleted and the new alerts will be generated from 11-Aug-2022

I was informed of this by Palo support as well. Fingers crossed that this works today.

L2 Linker

Looks like the backend people fixed this across the board. Tons of security alerts now.

L2 Linker

Well, the issue came back in another way. The security alerts appeared, but telemetry stopped. The telemetry completely stopped at around the same time (08/12 ~1AM) across several unrelated environments, firewalls and tenants. _No changes were made to telemetry_.

Please forward this to the AIOps backend.

Hello @PRyncevic,

 

Please check whether telemetry is enabled and being sent successfully on all the devices, and if there is any error, please share a screenshot.

 

Regards,
Likith R
Product Specialist
Palo Alto Networks

Telemetry is enabled and successfully sending data according to the devices' telemetry tabs. Since it all stopped at the same time, for unrelated tenants and devices, it seems like a backend issue.

Hello @PRyncevic,

 

Please log in to the CLI of one of the firewalls, execute the command below and attach a screenshot of the same, then wait for some time and check whether the telemetry is received in the AIOps instance.

    request device-telemetry collect-now

Regards,
Likith R
Product Specialist
Palo Alto Networks

L2 Linker

Tried the command yesterday, no luck.

See below: the firewalls are sending successfully and it is arriving on the AIOps portal, but security alerts are not updated. Last update from Aug 11.

  • 3 accepted solutions
  • 16010 Views
  • 17 replies
  • 0 Likes