11-30-2021 01:24 PM
Is there anyway to have the palo email me when a rule has been enabled for a certain period of time? If not, is there anyway to do it via API? There has to be a way, yes?
11-30-2021 03:00 PM
Hello,
While I dont know of any timers, you can setup a custom report to email you policies that have not been hit in say 30/90 days, etc. I'm sure a SIEM policy could be written for this however, depending on your SIEM.
Regards,
12-01-2021 08:23 AM
I can't even get this thing to email a report of user logon failures. I shouldn't be surprised that it can't email me when a rule has been enabled for a certain period of time.
12-01-2021 08:19 PM
The firewall's built-in reporting capabilities are pretty limited. You can get an email for authentication failures, but then it's sent for each authentication failure and not grouped in a report format like your hoping for. Stuff like that is honestly best done (with PAN hardware) through a SIEM like Splunk or the open-source Graylog or something similar.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
