Is there a way to generate a custom report of users/sites that have entered credentials? I checked under the URL database but don't see a Credential Detected column there that I could pull in. Anyone have a method of generating a report from the phishing prevention feature?
While we do not have a report for this, we rely on the URL filtering and the threat and wildfire updates to prevent access to these types of sites. Most will have an 'Unknown' categorization which we block. Also we have an email gateway that is pretty good at filtering these types of messages out so our users hardly see them.
Probably not the answer you wer ehoping for.
Thanks for the reply!
We're using the IP user mapping method so we have a decent amount of false positives throughout the day. I was looking for a report so I could determine a path to start warning/blocking users without impacting legitimate users significantly.
If you use the block-pages, you can customize those so when users get them they see its from your company and not freak out.
Would something like that work?
This is an old post I just found because I tried to do the same thing. Has anyone put his in as a Feature Request or anyone from PAN here to say whether it's coming?
I can answer my own question, I just tried again but using the detailed URL logs and you can filter based on "flags has credential detected" and it works fine, at least for what I need, there is even a standard report "Credential Post Detected" which may do what you need.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!