Alert mail for threat detection


L2 Linker

Hello all,

I am trying to set up alert mail to notify me when my PA220 detects a threat (inbound attack, for example).

I configured scheduled PDF reports (daily and weekly), but I also want to be informed instantly when a threat is detected.

Is it possible?

Thank you in advance for your help.

Accepted Solutions

L4 Transporter

Yes. Do you have a logging option set on ALL your rules [including the two default inter/intra zone ones]?

If so, on

Objects > Log Forward > [your YourLogForwardName]

Create a log forward type "Threat" with a destination of e-mail...

You will probably want to change the severity in the log filter section.

Rob

@feelgood,

As @RobinClayton mentioned, you probably want to set the severity filter to avoid getting an alert on every single threat; generally I would advise that people run with at least the filter (severity geq medium) which would send you an alert for all medium and higher alerts. Some people like to set the filter to ((action neq alert) or (action neq allow)) but I personally find that to be too much when configuring an email profile. 
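An added example, not part of the original posts and not PAN-OS code: a simplified Python model of the two log filters quoted in the reply above, run over constructed threat log entries to show which of them would trigger an email. The severity ordering, the small parser and the sample entries are assumptions made for illustration.

```python
import re

# Assumed severity order for geq/leq, lowest to highest.
SEVERITIES = ["informational", "low", "medium", "high", "critical"]
TOKEN = re.compile(r"\(|\)|[\w-]+")

def term(field, op, value, entry):
    """Evaluate a single (field op value) term against one log entry."""
    actual = entry[field]
    if op in ("eq", "neq"):
        return (actual == value) == (op == "eq")
    rank = SEVERITIES.index  # geq/leq are modelled for severity only
    if op == "geq":
        return rank(actual) >= rank(value)
    if op == "leq":
        return rank(actual) <= rank(value)
    raise ValueError(f"unsupported operator: {op}")

def parse(tokens, entry):
    """Parse '(field op value)' or '(group and|or group ...)'."""
    if tokens.pop(0) != "(":
        raise ValueError("expected '('")
    if tokens[0] == "(":  # nested group joined by and/or
        result = parse(tokens, entry)
        while tokens and tokens[0] in ("and", "or"):
            joiner, rhs = tokens.pop(0), parse(tokens, entry)
            result = (result and rhs) if joiner == "and" else (result or rhs)
    else:
        field, op, value = tokens.pop(0), tokens.pop(0), tokens.pop(0)
        result = term(field, op, value, entry)
    if tokens.pop(0) != ")":
        raise ValueError("expected ')'")
    return result

def matches(filter_expr, entry):
    return parse(TOKEN.findall(filter_expr), entry)

def would_alert(filter_expr, entries):
    """Names of the entries that the filter would forward by email."""
    return [e["threat"] for e in entries if matches(filter_expr, e)]

# Constructed sample threat log entries (not real logs).
SAMPLE = [
    {"threat": "sample-scan", "severity": "informational", "action": "alert"},
    {"threat": "sample-low", "severity": "low", "action": "allow"},
    {"threat": "sample-spyware", "severity": "medium", "action": "alert"},
    {"threat": "sample-exploit", "severity": "critical", "action": "reset-both"},
]
```

On these constructed entries the severity filter selects two of the four, while the action filter selects all four, because any single action value differs from at least one of `alert` and `allow`.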

L2 Linker

Hi,

Thank you @BPry @RobinClayton for your help.

No, I don't have Log Settings set up on my rules. I will do that.

Just a question: on my default intra-zone, I can't activate Log Settings:

feelgood_0-1582631303454.png

Can it still work?

Thanks.

Select the rule, then find the (OVERRIDE) cog at the bottom of the page. This will allow you to change the log settings.

Rob

L2 Linker

Hi,

Thanks a lot for your help.
