Based on what I am seeing, there does not seem to be a way where I can limit what users can be reported against. For example, I have a help desk manager that needs to only see his staff. Right now, based on the way the firewall functions, he can see what the president of the company is doing online. Per our company policy, all URLs must be logged regardless of user so not logging some users would not really be the best option. We switched from Websense to the Palo Alto Brightcloud option and the reporting is quite limited. Few questions... Are there any 3rd party products that I can use to better secure the reports or to get better URL reports? Second, so Palo Alto could compete with Websense to attract more users looking for the reports when switching platforms, could an option be built into the user account on the firewall or Panorama where an admin could type a list of users or use a group of users that they are allowed to see when reporting. This way lower managers cannot see top execs or other departments. It would be huge for my employer and probably others if the reporting could allow this.
One option would be to export the URL logs via syslog to an external SIEM or other product which can produce more detailed reports. Syslog would be the best way to export this data from the device.
For enhancements to reporting on the Palo Alto itself, I would suggest working with your Palo Alto Networks Sales Engineer about your requirements and possibly getting a feature request submitted.
If you have specific address ranges or networks for different roles in your organization you may be able to try and create a custom report with query builder and specify attributes of source or destination address or zone.
A custom syslog format may be the best way to go on this as it looks like I can capture everything that way. From there I can use SQL Reporting Services to generate all of the necessary reports.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!