PALO ALTO PAN OS 8.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PALO ALTO PAN OS 8.0

L0 Member

Hello Team,
I am a SOC ANALYST , I wanted to know all the "Event name" that i can see on my SIEM. so i can make sure that i am seeing all the events. Please help. I want to make sure if any "Event Name" is missing.
Currently I am seeing these "Event Names"

Traffic Close
URL Filtering
Session Denied
Received conflicting ARP on interface indicating duplicate IP
System Informational
Client Configuration
FileType Detected
User Logout
URL Blocked
System Error
System Notice
User Login
Config installed
Daemon configuration load phase succeeded
Configuration Change Successful
Failed User Login
User connected to a server
unknown
PAN-DB miscellaneous information
PNG File Chunk Length Abnormal
Configuration Changed Submitted
Configuration synchronized with peer
HTTP SQL Injection Attempt
Suspicious DNS Query
HTTP SQL Injection Attempt
User Session Timed Out
HTTP Directory Traversal Vulnerability
Wordpress system.multicall XMLRPC Information Disclosure Vulnerability
OpenSSL TLS Malformed Heartbeat Request Found - Heartbleed
OpenSSL TLS Encrypted Heartbeat Information Disclosure Vulnerability - Heartbleed
Palo Alto PA Series Appliances Message
Microsoft Windows win.ini access attempt
HTTP Cross Site Scripting Attempt
WordPress Cuckootap Theme Arbitrary File Download Vulnerability
WordPress Revolution Slider File Upload Vulnerability
Unrecognized Vulnerability Exploit Threat Event
HTTP SQL Injection Attempt
HTTP SQL Injection Attempt
System Warning
Generic HTTP Cross Site Scripting Attempt
Generic HTTP Cross Site Scripting Attempt
Configuration Change Failed
Long Http Transfer Encoding Anomaly
Baidu_Sobar_4_9_4 Information Disclosure
Bash Remote Code Execution Vulnerability
Apache Struts ClassLoader Security Bypass Vulnerability
PeerCast HandshakeHTTP Function Buffer Overflow
Netscape iPlanet Search NS-Query-Pat Directory Traversal Vulnerability
Apache Struts2 Redirect/Action Method Remote Code Execution Vulnerability
IBM WebSphere Faultactor Cross-Site Scripting Vulnerability
RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability
Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability
Jive Software Openfire Jabber Server Authentication Bypass
Microsoft Schannel Remote Code Execution Vulnerability
Generic HTTP Cross Site Scripting Attempt
HTTP Non-RFC Compliant Request
Microsoft Windows IIS Script Filename Wrong Parsing Remote Code Execution Vulnerability
Unrecognized Spyware Threat Event
Apache Struts Content-Type Remote Code Execution Vulnerability
WordPress Login BruteForce Attempt
1 REPLY 1

L7 Applicator

Hi @Saad.ahmed

 

I honestly don't think someone will (or is able) to share a complete list of event names. But may I ask for what you need such a list? As a SOC analyst my interpretation is that you need to be alerted based on the severity of the events and of there is vulnerable software that is used kn your network you can override the alerts and priorize specific events. On https://threatvault.paloaltonetworks.com you can search for threat IDs. There are thousands of vulnerabilities a paloalto firewall is able to detect, so your list needs to be a little longer to be complete.

 

Regards,

Remo

  • 6981 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!