Alert mail for threat detection

L2 Linker

Alert mail for threat detection

Hello all,

I am trying to set up alert mail to be notified when my PA-220 detects a threat (an inbound attack, for example).

I have configured scheduled PDF reports (daily and weekly), but I also want to be informed instantly when a threat is detected.

Is it possible?

Thank you in advance for your help.


Accepted Solutions
L4 Transporter

Re: Alert mail for threat detection

Yes. Do you have a logging option set on ALL your rules [including the two default inter/intra-zone ones]?

If so, on

Objects > Log Forward > [YourLogForwardName]

create a log forward of type "Threat" with a destination of e-mail...

You will probably want to change the severity in the log filter section.

Rob


All Replies

L7 Applicator

Re: Alert mail for threat detection

@feelgood,

As @RobinClayton mentioned, you probably want to set the severity filter to avoid getting an alert on every single threat; generally I would advise that people run with at least the filter (severity geq medium) which would send you an alert for all medium and higher alerts. Some people like to set the filter to ((action neq alert) or (action neq allow)) but I personally find that to be too much when configuring an email profile. 
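As an added example (not from this thread or from Palo Alto Networks), the following Python evaluator takes a log-forwarding filter string such as the two quoted above and applies it to constructed threat-log entries, so you can see which entries an e-mail profile with that filter would send. The token grammar (parenthesised `field op value` terms joined by `and`/`or`, folded left to right), the severity ranking and the sample entries are all assumptions.

```python
import re
# Assumed severity ranking; the sample entries are constructed, not real firewall output.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
SAMPLE_THREAT_LOGS = [
    {"name": "url-info", "severity": "informational", "action": "alert"},
    {"name": "scan-low", "severity": "low", "action": "allow"},
    {"name": "vuln-medium", "severity": "medium", "action": "alert"},
    {"name": "spyware-high", "severity": "high", "action": "reset-both"},
    {"name": "exploit-critical", "severity": "critical", "action": "drop"},
]
def _compare(entry, field, op, value):  # geq/leq rank by severity; eq/neq compare strings
    actual = entry[field]
    if op in ("geq", "leq"):
        a, v = SEVERITY_RANK[actual], SEVERITY_RANK[value]
        return a >= v if op == "geq" else a <= v
    if op in ("eq", "neq"):
        return (actual == value) == (op == "eq")
    raise ValueError(f"unsupported operator {op!r}")

def _expect(tokens, pos, tok):
    if pos >= len(tokens) or tokens[pos] != tok:
        raise ValueError(f"expected {tok!r} at token {pos}")
    return pos + 1

def _parse_term(tokens, pos):  # term := '(' expr ')' | '(' field op value ')'
    pos = _expect(tokens, pos, "(")
    if pos < len(tokens) and tokens[pos] == "(":
        node, pos = _parse_expr(tokens, pos)
    else:
        field, op, value = tokens[pos:pos + 3]  # raises ValueError if the term is truncated
        node, pos = (lambda e, f=field, o=op, v=value: _compare(e, f, o, v)), pos + 3
    return node, _expect(tokens, pos, ")")

def _parse_expr(tokens, pos):  # term (('and'|'or') term)*, folded left to right (assumed)
    left, pos = _parse_term(tokens, pos)
    while pos < len(tokens) and tokens[pos] in ("and", "or"):
        word, (right, pos) = tokens[pos], _parse_term(tokens, pos + 1)
        left = (lambda e, lhs=left, rhs=right, w=word: lhs(e) and rhs(e) if w == "and" else lhs(e) or rhs(e))
    return left, pos

def compile_filter(text):  # parse a log-forwarding filter string into a predicate over entries
    tokens = re.findall(r"[()]|[^\s()]+", text)
    node, pos = _parse_expr(tokens, 0)
    if pos != len(tokens):
        raise ValueError("trailing tokens in filter")
    return node

def forwarded(filter_text, entries=SAMPLE_THREAT_LOGS):  # names an e-mail profile would send
    pred = compile_filter(filter_text)
    return [e["name"] for e in entries if pred(e)]
```

Against these entries `(severity geq medium)` keeps only the medium-and-above ones, while `((action neq alert) or (action neq allow))` matches every entry, since no single action can equal both values at once.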

L2 Linker

Re: Alert mail for threat detection

Hi,

Thank you @BPry @RobinClayton for your help.

No, I don't have Log Settings set up on my rules. I will do that.

Just one question: on my default intra-zone rule, I can't activate Log Settings.

Can it still work?

Thanks.

L4 Transporter

Re: Alert mail for threat detection

Select the rule, then find the (OVERRIDE) cog at the bottom of the page. This will allow you to change the log settings.

Rob

L2 Linker

Re: Alert mail for threat detection

Hi,

Thanks a lot for your help.
