Trap SNMP for threat

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Trap SNMP for threat

L0 Member

Hi all,

From the mib file named PAN-TRAPS.mib I can see that there are some information about threat objects.

Is there anybody who knows how to use this.

I have tried to generate some threats but no traps were sent to the manager.

Thanks

Bruno

2 REPLIES 2

L7 Applicator

Bruno,
Please confirm the following:

Have you configured the Log forwarding settings in Objects tab? If not, you will have to create an entry to have SNMP traps occurs properly.

Click +Add to create a Log Forwarding Profile.

In this section, there are 2 sections to be forwarded: Traffic Settings and Threat Settings.

Each security policy can specify a log forwarding profile that determines whether traffic and threat log entries are logged remotely with Panorama, and/or sent as SNMP traps, syslog messages, or email notifications. By default, only local logging is performed.

Traffic logs record information about each traffic flow, and threat logs record the threats or problems with the network traffic, such as virus or spyware detection. Note that the antivirus, anti-spyware, and vulnerability protection profiles associated with each rule determine which threats are logged (locally or remotely).

Under threats, you will notice the Severity levels.  You have to configure SNMP(ver 2 or 3) with a SNMP Trap, Email and or Syslog destination. And every option has detailed settings.Please see below information about the Thread log settings.

Threat Log Settings

The severity levels are:

• Critical—Very serious attacks detected by the threat security engine.

• High—Major attacks detected by the threat security engine.

• Medium—Minor attacks detected by the threat security engine, including URL blocking.

• Low—Warning-level attacks detected by the threat security engine.

• Informational—All other events not covered by the other severity levels, including informational attack object matches.

I hope this helps answer your question.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

Hi,

I do have the same problem. After a snmpwalk, I receive about 380 OID's. But the OID's which are provided by Palo Alto, refering to PAN-TRAPS are not available and not shown through snmpwalk.

How can I get the threat, virus, or any other snmp related trap.?

  • 2773 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!