09-24-2020 10:20 AM
I have a server that connects every 10 minutes to an SFTP server. I would ideally like to know when it is done for the day. So I setup an email server profile and started on a Log Forwarding object. It does not really have to be a log, just and email that says "Oi the server is done for the day". The server connecting is a third party so I can't do it from that side.
Is it possible to create an object that will be "actioned" once there is no connection from the filtered server after a set amount of time? So say after 10 minutes if no additional connections are being received. I say additional connections as I am not interested in an email every 10 minutes stating there are no connections. I am also not really interested in when they start either as they start during my sleepy time.
Thank you so much for helping a Palo Alto noob.
09-24-2020 08:22 PM
This isn't really going to work. If the sessions happen long enough to stay active you could setup a log-forwarding profile to alert you on session-end, but the fact that these are ten minutes apart means that likely isn't going to be the case. You could of course set something up with the API and checking the session table.
09-25-2020 01:11 PM
Hello,
Perhaps can be done from a SIEM? However how about adding a schedule to the policy, i.e. its only accessible from point A to point B between the hours of X to Z?
Just a thought
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
