06-20-2019 02:12 PM
Hi folks,
I believe I know the answer, but wanting to make sure I understand. I am configuring log forwarding to a Varonis server for testing. I've been sending the traffic log, but Varonis will only process the Threat log.
I've configured the Threat in the Log forwarding profile, Vulnerability profie, etc and assigned it to my security rule, but my threat log is empty in general. I assuming this is because my device is unlicensed? Pa200 7.1.15. I guess I was hoping that something (anything) would go through.
Just checking if there are comments before I give up for now. 🙂
06-20-2019 02:17 PM
Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.
You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.
Thanks
06-20-2019 02:17 PM
Agreed that without a license, you will not get the AV/Spyware/Vuln signature to match.
You could test with enabling Zone Protection Profile and DoS Protection Policies and force an attempted ping flood attack or port scan, or whatever... something that would "hit" as a threat in the logs, but does not require a licensed feature from PANW.
Thanks
06-20-2019 09:54 PM
I think you can forward the threat logs without having the threat license.
06-21-2019 12:32 AM
Without a licence there are no threats to forward.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
