This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Alert mail for threat detection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Alert mail for threat detection

Go to solution
feelgood
L2 Linker

‎02-21-2020 05:49 AM

Hello all,

 

I try to set up alert mail to prevent when my PA220 detects an threat (inboud attack for example).

 

I configured scheduled PDF reports (daily and weekly) but I want also be informed instantly when a threat is detecting ?

 

It is possible ?

 

Thank you in advance for your help.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
RobinClayton
L4 Transporter

‎02-21-2020 08:45 AM

Yes, Do you have a logging option set on ALL your rules [ including the two default inter/intra zone ones ]

 

If so on 

 

Objects > Log Forward > [your YourLogFowardName ]

 

Create a log forward type "Threat" with a destination of e-mail...

 

You will probably want tor change the severity in the log filter section. 

 

 

Rob

 

 

 

View solution in original post

5 REPLIES 5

Go to solution
RobinClayton
L4 Transporter

‎02-21-2020 08:45 AM

Yes, Do you have a logging option set on ALL your rules [ including the two default inter/intra zone ones ]

 

If so on 

 

Objects > Log Forward > [your YourLogFowardName ]

 

Create a log forward type "Threat" with a destination of e-mail...

 

You will probably want tor change the severity in the log filter section. 

 

 

Rob

 

 

 

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to RobinClayton

‎02-21-2020 01:40 PM

@feelgood,

As @RobinClayton mentioned, you probably want to set the severity filter to avoid getting an alert on every single threat; generally I would advise that people run with at least the filter (severity geq medium) which would send you an alert for all medium and higher alerts. Some people like to set the filter to ((action neq alert) or (action neq allow)) but I personally find that to be too much when configuring an email profile. 

Go to solution
feelgood
L2 Linker

‎02-25-2020 03:49 AM

Hi,

 

Thank you @BPry @RobinClayton for your help.

 

No, I don't have Log Settings set up on my rules. I will do that.

 

Just question : on my default intra-zone, I can't activate Log Settings :

 

feelgood_0-1582631303454.png

It can works yet ?

 

Thanks.

0 Likes Likes

Go to solution
RobinClayton
L4 Transporter
In response to feelgood

‎02-25-2020 07:44 AM

Select the rule , then find (OVERRIDE) Cog at the bottom o the page. This will allow you to change the log settings. 

 

Rob

Go to solution
feelgood
L2 Linker

‎02-26-2020 04:19 AM

Hi,

 

Thanks a lot for your help.

0 Likes Likes
  • 1 accepted solution
  • 4497 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks