Palo Alto BotNet Reports

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Palo Alto BotNet Reports

Hi!

I've got a question about BotNet reports available on Palo Alto firewalls. Maybe someone has an experience on how accurate they are, what logic they are using and how to better tune them to display more precise information?

At this point I have all default settings configured. But I have noticed that some of the web sites categorized by Palo Alto as malicious or malware are just web-ad banners and are not so critical. If web-ads are blocked by our firewall policy will it result on BotNet report behavior?

Thank you in advance.

Best regards,

Andrejs Cvetkovs

2 REPLIES 2

L7 Applicator

The web banner agencies are a vector of attack that malicious actors are using now.  They purchase ads from these legitimate vendors and get malicious links sent out via these ad services.  The specific services will come on and off the list as actual malicious links are detected and removed the same way that a compromised legitimate web site gets onto the list.

The botnet report is letting you know activity to sites that are on the malicious link list.  They may or may not be actually compromised it requires follow up.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Thank you very much for your response, Steven!

I think it also answers the question regarding report configuration tuning, it all depends on after how many visits I want entry to be added to report.

  • 3427 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!