Strange Log/Report Request

mario11584
L4 Transporter

This idea might be a little strange so I apologize if it isn't completely clear.

Currently, we get a daily PDF report from our PAs that includes items like the top 5 egress interfaces, threats, etc. Our security team has been interested in these reports lately and I have been reviewing the findings with them on a daily basis. I feel that most of our reports are nearly identical most days and it makes for a meaningless meeting every day. For this reason, I was wondering if there is some kind of way to get a report that shows me if there is a deviation from the average day-to-day reports. For example, most days our report for top 5 egress interfaces is the same, in the same order (for bytes transmitted). Most of our other reports are like this too. Is there a way to only be sent a report if numbers 2 and 3, for example, on the list were swapped or if a completely new interface shows up on the report that day, instead of getting the same report every day? My thought is no and we will probably have to utilize the API to pull the data and script something on our side with that data. Before we did that, though, I wanted to reach out and find out if there are any ideas or thoughts that could help us before we take the API road.

Thanks in advance for your thoughts and help!

_slv_
L4 Transporter

What version of PAN do you have?

5.0.6/7 has problems with reports; 5.0.8 should fix these problems, but in my opinion problems still exist.

I.e., I have a custom report with a "last 7 days" time frame that gives me some results. When I change _only_ from "last 7 days" to "last 24hours" I get completely different results.

My template looks like:

2013-11-02_202052.png

Could someone explain this?

Regards

Slawek

mario11584
L4 Transporter

We have 5.0.3.

Phoenix
L4 Transporter

Hello Mario,

I have understood your requirement, and I see that there is a need to know how to catch it in the reports "if there is an abnormal behavior or new data as against regular information", or whether there is a mechanism to notify about it.

I am sure that such a system is not there as of now. I really appreciate your thought of notifying only when something new is seen. But PAN reporting works from the data gathered through different databases, such as traffic, threat and so on, accumulating it and segregating it by whatever we are looking for. It does not have the intelligence to know what is general and what is new, so it does not have a mechanism to detect the change automatically.

Hope this helps.

mikand
L6 Presenter

Sounds like a great idea to file as a feature request through your local SE.

That is, to add a report type that can compare with the previous report and only display the differences.

This way you could, for example, start with the regular report on Monday (along with a difference report comparing with the previous Monday) and then just check the difference report the other days of that week (comparing with Monday from the same week).
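
The difference report discussed in this thread, sketched as an added example that is not part of any post above and is not Palo Alto Networks code. It assumes the "top 5 egress interfaces" rows have already been extracted from the daily report as (interface, bytes) pairs; the function names, the 25% byte tolerance and the sample rows are constructed for illustration, and no PAN-OS API call is shown.

```python
from collections import defaultdict

# Constructed sample rows: (interface, bytes) in report order. Not real data.
MONDAY = [("ethernet1/1", 900), ("ethernet1/2", 700), ("ethernet1/3", 650),
          ("ethernet1/4", 300), ("ethernet1/5", 100)]
TUESDAY = [("ethernet1/1", 910), ("ethernet1/3", 720), ("ethernet1/2", 690),
           ("ethernet1/4", 310), ("ethernet1/6", 150)]

def build_baseline(reports, top_n=5):
    """Average bytes per interface across several daily reports, ranked descending."""
    totals = defaultdict(int)
    for report in reports:
        for name, nbytes in report:
            totals[name] += nbytes
    averaged = [(name, total / len(reports)) for name, total in totals.items()]
    return sorted(averaged, key=lambda row: row[1], reverse=True)[:top_n]

def diff_report(baseline, today, byte_tolerance=0.25):
    """Return deviations of today's list from the baseline; empty means nothing to send."""
    base_rank = {name: rank for rank, (name, _) in enumerate(baseline, 1)}
    base_bytes = dict(baseline)
    findings = []
    for rank, (name, nbytes) in enumerate(today, 1):
        if name not in base_rank:
            findings.append(f"NEW {name} at rank {rank}")
            continue
        if base_rank[name] != rank:
            findings.append(f"RANK {name} moved {base_rank[name]} -> {rank}")
        old = base_bytes[name]
        # Flag large swings in volume even when the ordering is unchanged.
        if old and abs(nbytes - old) / old > byte_tolerance:
            findings.append(f"BYTES {name} changed {old:.0f} -> {nbytes:.0f}")
    seen = {name for name, _ in today}
    for name, rank in base_rank.items():
        if name not in seen:
            findings.append(f"GONE {name} (was rank {rank})")
    return findings

if __name__ == "__main__":
    deviations = diff_report(build_baseline([MONDAY]), TUESDAY)
    # Only produce output (or send mail) when something actually changed.
    for line in deviations:
        print(line)
```

Passing several days to `build_baseline` gives the "average day" comparison from the original question; passing a single Monday report gives the week-anchored comparison suggested in the last reply.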
