08-09-2022 02:17 AM
Hello, we ran into an issue where the AIOps page for the firewalls has the security alerts and recommendations missing.
Other sections seem to be OK and displaying health alerts and data, but this one is empty.
On a call, a Palo engineer said that this is known to the AIOps backend team and we need to open a case and have it routed to the backend, but going through a case normally, the support engineers are taking a long time and then in the end sending us to the LiveCommunity website.
Does anyone know how to resolve this and get in touch with the people that can fix this?
08-19-2022 12:28 PM
Hello @PRyncevic,
As per the update from the backend team, the alerts and their "Last Alert Updated" would not be updated if there is no change in severity.
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*
08-09-2022 09:47 AM
Hello @PRyncevic,
I need the following data to help you further:
1. Please share a screenshot of the alerts tab in the left navigation panel of the summary page.
2. Please let me know whether any alerts were previously present in the security alerts tab.
3. Please confirm whether the devices are successfully onboarded and sending the data.
Note: If you want this information to be confidential, you can reply to me in private.
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*
08-09-2022 12:05 PM
Hi @PRyncevic -
In a Panorama-managed environment, the product looks at the config information from Panorama to create security alerts.
If the Panorama itself is not sending telemetry in this case, please turn on telemetry from Panorama (make sure all 3 checkboxes are on under Settings>Telemetry) and this information should start appearing.
08-10-2022 03:16 AM
This is a Panorama-unmanaged firewall cluster.
08-10-2022 09:08 AM
Hello @PRyncevic,
Could you please share the screenshot of the health alerts page?
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*
08-10-2022 12:53 PM
Hello @PRyncevic,
As per the update from the backend team, there are no alerts that have been generated from the firewall and only health alerts are generated.
Also, as they are updating the security alerts from the backend, the alerts till 10-Aug-2022 will be deleted and the new alerts will be generated from 11-Aug-2022.
Please note that the alert tab will show alerts for a maximum of 90 days and the summary page will show alerts for a maximum of 30 days.
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*
08-11-2022 01:50 AM
> there are no alerts that have been generated from the firewall and only health alerts are generated.
There are definitely security alerts that should be generated as the firewall is absolutely not following every Palo best practice. This was the core of the issue because security alerts should be there.
> Also as they are updating the security alerts from the backend the alerts till 10-Aug-2022 will be deleted and the new alerts will be generated from 11-Aug-2022
I was informed of this by Palo support as well. Fingers crossed that this works today.
08-11-2022 08:23 AM
Looks like the backend people fixed this across the board. Tons of security alerts now.
08-15-2022 06:29 AM
Well the issue came back in another way. The security alerts appeared, but telemetry stopped. The telemetry completely stopped at around the same time (08/12 ~1AM) across several unrelated environments, firewalls and tenants. _No changes were done to telemetry_.
Please forward this to the AIOps backend.
08-15-2022 09:58 AM
Hello @PRyncevic,
Please check whether the telemetry is enabled and sent successfully on all the devices and if there is any error please share the screenshot.
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*
08-15-2022 10:03 AM
Telemetry is enabled and successfully sending data according to the devices' telemetry tabs. Since it all stopped at the same time, for unrelated tenants and devices, seems like a backend issue.
08-15-2022 12:08 PM
Hello @PRyncevic,
Please log in to the CLI of one of the firewalls, execute the command below, and attach a screenshot of the output. Then wait for some time and check whether the telemetry is received in the AIOps instance.
-> request device-telemetry collect-now
Regards,
Likith R
Product Specialist
Palo Alto Networks
https://live.paloaltonetworks.com/t5/aiops-for-ngfw-discussions/bd-p/AIOps_for_NGFW_Discussions
*Don’t forget to accept the solution provided!*