This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

send alerts when large files uploaded

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

send alerts when large files uploaded

dvu5103
Not applicable

‎07-01-2014 03:53 PM

Hi all,

   Please help to config in PAN devices a rule to send alerts to admin when large files, say geq 100Mb, are uploaded to Internet.

Thank you.

0 Likes Likes
8 REPLIES 8

hshah
L6 Presenter

‎07-01-2014 04:01 PM

Hello DVU,

If file has any threat content than firewall generates alert.

It doesnt generate any log for larger file, Its not possible as of now.

Regards,

Hardik Shah

0 Likes Likes

HULK
L7 Applicator

‎07-01-2014 04:04 PM

Hello Dvu5103,

You can create a custom signature for the same:

For an example:

----Go to Object > Custom Objects > Vulnerability and click Add ( Set default action to "alert")

----Go to the Custom Vulnerability Signature > Signatures tab and click Add

----In the window that appears, create a custom signature with 'And condition'.

---In the Standard window, click 'Add Or Condition' and set 'Operator to Greater Than'

---Set an appropriate context.

----You can add this profile in a security profile.

You can post a request to our development team ( Dev-Center), they will be able to help you for the same, else contact with your Palo Alto Networks SE, he will guide you.


Thanks.

0 Likes Likes

dvu5103
Not applicable
In response to hshah

‎07-01-2014 04:04 PM

In order to protect our information, we need to monitor all upload activities to Internet. So it's not possible in PANs ?

Thank you.

0 Likes Likes

dvu5103
Not applicable
In response to HULK

‎07-01-2014 04:09 PM

Thanks, Hulk. I will study your guidance.

0 Likes Likes

hshah
L6 Presenter
In response to dvu5103

‎07-01-2014 04:36 PM

Hello DVU5103,

It would be hard to specify file size as a parameter in vulnerability custom signature. Hence as HULK said it would be good idea to contact SE.

Regards,

Hardik Shah

0 Likes Likes

mivaldi
L7 Applicator

‎07-01-2014 04:53 PM

You can not do alerts, but you can have a daily report for sessions with large data transfers. You will get the information you need the next day.

Go to Monitor > Manage Custom Reports

Add a custom report selecting Database=Traffic Log, Time Frame=Last 24 hours, sort by Bytes, add a query statement with the query builder to have Attribute Bytes, Operator greater or equal than, and add the value.

Then set up your Email Scheduler to have the report be delivered Daily. These will generate every day at 2:02am.

hshah
L6 Presenter
In response to mivaldi

‎07-01-2014 05:10 PM

Hi Mivaldi,

This appears to be a faster workaround.

Regards,

Hardik Shah

0 Likes Likes

HULK
L7 Applicator
In response to dvu5103

‎07-01-2014 05:13 PM

Lets try with these available contexts:

context.PNG

This doc will give you some guideline too: Custom Application Signatures

Thanks

  • 4948 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks