This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

useful custom reports

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

useful custom reports

MPI-AE
L4 Transporter

‎09-26-2017 11:44 PM

Hey all,

I want to create some custom reports to get more useful information about what is going on in my network.

I would like to know - just informational - which reports do you use in your daily business?

Respectively which reports you consider as useful.

Until now, I created one report that shows me the denied packets for every last week.

Can you give me some more hints?

Thank you!

0 Likes Likes
21 REPLIES 21

MPI-AE
L4 Transporter
In response to BPry

‎11-28-2017 01:55 AM - edited ‎11-28-2017 01:56 AM

@BPry

 

For example, when I want to create a custom report with the spyware infected hosts:

 

pa.JPG

 

How can I do this?

 

There aren't so much options..

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to MPI-AE

‎11-28-2017 10:20 AM

@MPI-AE,

The spyware report is actually pulling from the Threat database, with the ( subtype eq spyware ) as the actor. 

0 Likes Likes

DAYANAND
L1 Bithead

‎08-15-2018 06:09 AM

Hi, we can create custom reports as per our requirement, you could define the filters which you wish to observes the logs for like desti, zone, etc..One could define a time frame as well  like daily, weekly and so on. 

 

However I have a few questions that I still need ansewrs for : 

 

1.) There is an option for grouping the traffic log reports based on destination etc.... There is a maximum limit of 500 logs only that it can produce logs for. Does that mean I get only 500 logs from the time of capture ? If I am right what happens to the traffic generated after that ? Is there a way to incerase the limit >500. Because a custome report on Panorama with a limit of 500 means nothing even if I capture hourly.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to DAYANAND

‎08-15-2018 06:38 AM

@DAYANAND,

It's the top 500 logs depending on whatever your sort criteria be. So if I use bytes for example, it's the TOP 500 logs as determined by the amount of bytes logged. If you are combining a 'Sort By' and 'Group By' operating within the same request you'll be limited to the Top 500 logs; however if you remove the 'Group By' you have access to as much as the Top 10,000 logs.

You have to get creative in the way you generate the reports so that the report actually gives you what you are looking for. I've yet to want to run any report that I wasn't able to work around these limitations in some way or another. 

I know that there are multiple FRs to increase this capability if you want to reach out to your SE and add your vote to those requests. 

 

0 Likes Likes

DAYANAND
L1 Bithead
In response to BPry

‎08-15-2018 07:14 AM

Hi @BPry

 

Thank you for the reply, after some thought your post made sense. I am still getting to know how the SORT BY and GROUPEDBY work in conjunction with eachother in generating reports. any explanantion in that direction will be helpful.  Is there any detailed documentation with examples where I can refer for further learning. Thank you

0 Likes Likes

MPI-AE
L4 Transporter
In response to BPry

‎12-10-2018 03:02 AM - edited ‎12-10-2018 03:05 AM

@BPryI'm still overwhelmed.

 

There is that top egress interfaces report that shows all interfaces and the bytes which were transmitted.

How can I create a custom report for that, but not for one day, but for a whole week? To see the weekly amount of bytes of my interfaces.

Unbenannt.JPG

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to MPI-AE

‎12-11-2018 10:18 AM

@MPI-AE,

Capture.PNGSome of that got cut off, but Select Columns I would start with Bytes, Count, Outbound Interface, Packets Received, Packets Sent, and Day. This will give you a break down for egress interface by day for the past seven days. Customize the Selected Columns to your liking. 

0 Likes Likes
  • 7687 Views
  • 21 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks