Firewall active sessions age


L1 Bithead

Does PAN-OS have a feature to calculate session age for any active session? In particular, looking from a SOC point of view, if they want to monitor long-time-period active sessions used by attackers to compromise security.

I am not looking for the session timeout or the reasons for that, but the life span of a running active session.

 

6 REPLIES

Cyber Elite

Hello,

I hope I understand your question correctly. You can look at the Session browser to see active sessions. This should be the info you are looking for.

 

Regards,

Cyber Elite

@PS007,

As @OtakarKlier said, this information is in the Session Browser in the GUI or the CLI. I would recommend writing a script that pulls the session table from the API and searches for any sessions that breach your SOC's criteria for investigation.
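A sketch of the kind of script suggested in the reply above, added here as an example and not posted by anyone in this thread. It assumes the session table has already been fetched as XML; the element names, the `start-time` format and the sample data are constructed assumptions, and the 8-hour threshold stands in for the SOC's own criteria.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample of a session-table response. Element names and the
# start-time layout are assumptions; check them against your firewall's output.
SAMPLE_XML = """<response status="success"><result>
  <entry><idx>1001</idx><source>10.0.0.5</source><dst>203.0.113.10</dst>
    <application>ssl</application><state>ACTIVE</state>
    <start-time>Mon Mar  4 02:15:00 2024</start-time></entry>
  <entry><idx>1002</idx><source>10.0.0.7</source><dst>198.51.100.4</dst>
    <application>web-browsing</application><state>ACTIVE</state>
    <start-time>Tue Mar  5 11:40:00 2024</start-time></entry>
  <entry><idx>1003</idx><source>10.0.0.9</source><dst>203.0.113.77</dst>
    <application>ssh</application><state>DISCARD</state>
    <start-time>Sun Mar  3 09:00:00 2024</start-time></entry>
  <entry><idx>1004</idx><source>10.0.0.5</source><dst>192.0.2.20</dst>
    <application>ssh</application><state>ACTIVE</state>
    <start-time>Tue Mar  5 03:30:00 2024</start-time></entry>
</result></response>"""

START_FORMAT = "%a %b %d %H:%M:%S %Y"  # assumed layout of start-time

def parse_sessions(xml_text):
    """Return one dict per session entry, with start-time parsed as 'started'."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("session query did not succeed")
    sessions = []
    for entry in root.iterfind("./result/entry"):
        fields = {child.tag: (child.text or "").strip() for child in entry}
        if not fields.get("start-time"):
            continue  # cannot compute an age without a start time
        # Collapse the padding used for single-digit days before parsing.
        raw = " ".join(fields["start-time"].split())
        fields["started"] = datetime.strptime(raw, START_FORMAT)
        sessions.append(fields)
    return sessions

def long_lived(sessions, now, max_age, state="ACTIVE"):
    """Sessions in `state` whose age is at least max_age, oldest first.
    `now` must be in the same time zone as the firewall's clock."""
    hits = [(s["idx"], s["source"], s["dst"], s.get("application"), now - s["started"])
            for s in sessions
            if s.get("state") == state and now - s["started"] >= max_age]
    return sorted(hits, key=lambda h: h[-1], reverse=True)

if __name__ == "__main__":
    now = datetime(2024, 3, 5, 12, 0, 0)  # fixed so the sample is reproducible
    for idx, src, dst, app, age in long_lived(parse_sessions(SAMPLE_XML), now, timedelta(hours=8)):
        print(f"session {idx}: {src} -> {dst} ({app}) active for {age}")
```

Run on a schedule against a fresh pull of the session table, this gives the age of sessions that are still open, which is the value the original question asks about.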

Thanks @BPry @OtakarKlier

I am looking for the end time of the session. The Traffic & Session Browser logs give the start time of the connection, but if the session is ended or the end time is not determined. I think the reason is the session state table removes any inactive sessions with announcing. Is there a way I can get the session end time as well?

Hello,

Set the policies to log at session end. It should do what you need.

 

Regards,

Log at session end in the security policy helps in determining the final app-id as the app goes through transformation, but not the session end time.

Actually, that is its purpose: it logs when the session ends.
