I would like to create and export a security report giving me a simple count on the number of times an attack was attempted.
The definition of an "attack" could range anywhere from a network discovery to a tentative of password brute-force, as many vectors as possible.
I am using a PA-3020 on version 9.1.9 but the report won't be limited to this version and will be executed on other PAs.
What would be the best way to create such a report?
Log into the firewall, go to the monitor tab, scroll to the bottom and click manage custom reports, click add, in the top left of the dialog popup, click load template.
Think of a template as a widget, a specific portion of a report.
The filter builder in the bottom will let you exempt or add specificity (maybe your domain controller has a high number of connections you know to be good clogging up the report).
You then go to your report groups menu to take those "widgets" and put them together. Then with email scheduler you can export them, or you are able to click reports at the very bottom of the monitor tab if you aren't exporting them via email you can do it manually.
You are able to repeat this process on each NGFW, coordinate it to all NGFWs with Panorama, or script it using IronSkillet. Many options!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!