This idea might be a little strange so I apologize if it isn't completely clear.
Currently, we get a daily PDF report from our PAs that includes items like the top 5 egress interfaces, threats, etc. Our security team has been interested in these reports lately and I have been reviewing the findings with them on a daily basis. I feel that most of our reports are nearly identical most days and it makes for a meaningless meeting every day. For this reason, I was wondering if there is some kind of way to get a report that shows me if there is a deviation from the average day-to-day reports. For example, most days our report for top 5 egress interfaces is the same, in the same order (for bytes transmitted). Most of our other reports are like this too. Is there a way to only be sent a report if numbers 2 and 3, for example, on the list were swapped or if a completely new interface shows up on the report that day, instead of getting the same report every day? My thought is no and we will probably have to utilize the API to pull the data and script something on our side with that data. Before we did that, though, I wanted to reach out and find out if there are any ideas or thoughts that could help us before we take the API road.
Thanks in advance for your thoughts and help!
What version of PAN do you have?
5.0.6/7 has problems with reports. 5.0.8 should fix these problems, but in my opinion problems still exist.
I.e., I have a custom report with a "last 7 days" time frame that gives me some results. When I change _only_ from "last 7 days" to "last 24 hours", I get completely different results.
My template looks like:
Could someone explain this?
I have understood your requirement and I see that there is a need to know "if there is abnormal behavior or new data as against regular information", how to catch it in the reports, or whether there is a mechanism to notify about it.
I am sure that such a system is not there as of now. I really appreciate your thought of being notified only if something new is seen. But PAN reporting works from the data gathered through different databases, as in traffic, threat and so on, and accumulates and segregates it based on whatever we are looking for. It does not have the intelligence to know what is general and what is new, so it does not have a mechanism to detect the change automatically.
Hope this helps.
Sounds like a great idea to fire as a feature request through your local SE.
That is, to add a report type that can compare with a previous report and only display the differences.
This way you could, for example, start with the regular report on Monday (along with a difference report comparing with the previous Monday) and then just check the difference report on the other days of that week (comparing with Monday from the same week).
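
The comparison discussed in this thread, as an added example that is not part of any poster's reply and is not Palo Alto Networks code. It assumes the report rows have already been exported into `(name, bytes)` lists by whatever means (no PAN-OS API call is shown); the function name, threshold, interface names and byte counts are constructed for illustration.

```python
def diff_report(previous, today, pct_threshold=50.0):
    """Compare two ranked top-N reports, each a list of (name, bytes) in rank order.

    Returns a dict of findings; an empty dict means nothing changed enough to send.
    """
    prev_names = [n for n, _ in previous]
    today_names = [n for n, _ in today]
    prev_bytes = dict(previous)

    new = [n for n in today_names if n not in prev_bytes]
    dropped = [n for n in prev_names if n not in today_names]

    # Rank changes are judged only among entries present on both days, so a
    # newcomer pushing everything down one place is not reported as a reorder.
    # The ranks returned are therefore positions within that common subset.
    common_prev = [n for n in prev_names if n in today_names]
    common_today = [n for n in today_names if n in prev_bytes]
    moved = {n: (common_prev.index(n) + 1, i + 1)
             for i, n in enumerate(common_today)
             if common_prev.index(n) != i}

    # Large volume swings matter even when the order is unchanged.
    volume = {}
    for n, b in today:
        old = prev_bytes.get(n)
        if old:
            change = (b - old) / old * 100.0
            if abs(change) >= pct_threshold:
                volume[n] = round(change, 1)

    findings = {"new": new, "dropped": dropped, "moved": moved, "volume_pct": volume}
    return {k: v for k, v in findings.items() if v}


# Constructed sample data (hypothetical interface names and byte counts).
SAMPLE_PREVIOUS = [("ethernet1/1", 900), ("ethernet1/2", 700), ("ethernet1/3", 650),
                   ("ethernet1/4", 300), ("ethernet1/5", 100)]
SAMPLE_TODAY = [("ethernet1/1", 910), ("ethernet1/3", 720), ("ethernet1/2", 690),
                ("ethernet1/4", 310), ("tunnel.7", 250)]

if __name__ == "__main__":
    result = diff_report(SAMPLE_PREVIOUS, SAMPLE_TODAY)
    # Only send or print a report when something actually differs.
    print(result if result else "no change from previous report")
```

Passing last Monday's rows as `previous` gives the week-over-week variant suggested above.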