About Correlation Object Detection


Attention: JAPAC TPM team


I would like to know the following about Correlation Object (Beacon Detection) event generation.
From the following descriptions, we understand that Beacon Detection defines how many times a malicious activity (e.g., access to a threat URL) must occur in a given period of time.

[Correlation Object]
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/use-the-automated-correlation-...
-----
Each pattern has a severity rating, and a threshold for the number of times the pattern match must occur within a defined time limit to indicate malicious activity.
When the match conditions are met, a correlated event is logged.
-----

WebGUI description of Beacon Detection (Monitor > Automated Correlation Engine > Correlation Objects):
-----
This correlation object detects likely compromised hosts based on activity that resembles command-and-control (C2) beaconing, such as repeated visits to recently registered domains or dynamic DNS domains, repeated file downloads from the same location, generation of unknown traffic, etc.
-----

Regarding Beacon Detection,
can you please tell me the exact value of the threshold for the number of times?
Also, can you tell us how long a period is specified to detect malicious activity?
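As an added illustration of the mechanism the quoted documentation describes (a pattern match counted per host, with a correlated event raised once the count reaches a threshold inside a time window), here is a minimal correlation check in Python. This is example code, not part of the original post and not Palo Alto Networks' implementation. The threshold (3) and window (600 s) are hypothetical placeholders, since the real Beacon Detection values are exactly what the post asks about and are not given on this page; the log lines are constructed.

```python
"""Toy correlation object: raise one correlated event when the same pattern
matches THRESHOLD times for the same source host within WINDOW_SECONDS.

Added example. THRESHOLD and WINDOW_SECONDS are hypothetical placeholders,
not the values PAN-OS uses for its Beacon Detection correlation object.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3          # assumption: hits required before an event fires
WINDOW_SECONDS = 600   # assumption: sliding window (10 minutes)

# Constructed sample log lines: "<ISO timestamp> <source host> <matched pattern>".
SAMPLE_LOGS = [
    "2024-05-01T09:00:00Z 10.1.1.20 newly-registered-domain",
    "2024-05-01T09:02:00Z 10.1.1.20 newly-registered-domain",
    "2024-05-01T09:03:30Z 10.1.1.20 newly-registered-domain",  # 3rd hit in 3.5 min -> event
    "2024-05-01T09:05:00Z 10.1.1.20 newly-registered-domain",  # alone after the reset: no event
    "2024-05-01T09:04:00Z 10.1.1.21 newly-registered-domain",
    "2024-05-01T09:30:00Z 10.1.1.21 newly-registered-domain",  # 26 min later: 09:04 aged out
    "2024-05-01T09:45:00Z 10.1.1.21 newly-registered-domain",  # 15 min later: 09:30 aged out
    "2024-05-01T09:46:00Z 10.1.1.21 newly-registered-domain",
    "2024-05-01T09:48:00Z 10.1.1.21 newly-registered-domain",  # 09:45/09:46/09:48 -> event
    "2024-05-01T09:47:00Z 10.1.1.22 dynamic-dns-domain",       # different pattern, single hit
]

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """Split one constructed log line into (datetime, host, pattern)."""
    ts, host, pattern = line.split()
    return datetime.strptime(ts, TS_FORMAT), host, pattern


def correlate(lines, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Return correlated events as (fired_at, host, pattern, hit_count).

    Matches are evaluated in timestamp order. For each (host, pattern) key a
    deque holds the timestamps still inside the window; once it reaches the
    threshold an event is recorded and the deque is cleared, so a single burst
    produces exactly one correlated event rather than one per extra hit.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (host, pattern) -> timestamps within the window
    correlated = []
    records = sorted((parse_line(l) for l in lines), key=lambda r: r[0])
    for ts, host, pattern in records:
        hits = recent[(host, pattern)]
        hits.append(ts)
        while hits and ts - hits[0] > window:  # drop matches that fell out of the window
            hits.popleft()
        if len(hits) >= threshold:
            correlated.append((ts.strftime(TS_FORMAT), host, pattern, len(hits)))
            hits.clear()  # start a fresh window for this host/pattern
    return correlated


if __name__ == "__main__":
    for fired_at, host, pattern, count in correlate(SAMPLE_LOGS):
        print(f"{fired_at} correlated event: {host} matched {pattern} {count}x "
              f"within {WINDOW_SECONDS}s")
```

Running the block on the constructed lines yields two correlated events, one for 10.1.1.20 at 09:03:30 and one for 10.1.1.21 at 09:48:00; the isolated hits for 10.1.1.21 at 09:04 and 09:30 never accumulate because each falls outside the window of the next, which is the behaviour the threshold-within-time-limit wording implies. Whatever the real threshold and window are, that is the knob a tuning answer would need to give.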
