About Kandarp_Desai

Hi Guys, Is there any way I can create an alert in our SIEM tool for SPN failure? Let's say SPN Europe Central for our environment goes down, then what logs can we track for this?  ... View more

Hi All, We are running PA firewalls + Panorama + Prisma Access in our environment. Our aim is to upgrade our cloud prisma plugin to 3.0 for additional features, however we are not getting the best approach to do this.  Our existing environment is :  Device Current version Expected Version       Bunch of firewalls in HA pairs 9.1.8 10.1.4-h4 Panorama 9.1.13 10.1.4-h4 Cloud Services Plugin 2.1.0-h12.preferred 3.0 preferred Dataplane version 10.0.3 - VM-series Plugin  2.0.4 -   How should one approach this ? (1) Upgrade the Panorama + Plugins gradually ( 9 ---> 10.0 --->10.1 etc ) keeping the firewalls as is and then once Panorama + Plugins are upgraded we target the firewalls.  (2) Upgrade the Panorama + Plugins + Firewalls all at once  (3) Any other options ( we can have 0 downtime ) ... View more

Hi All, When Palo alto firewall detects a vulnerability ( in the ACC tab, threats widget ), what does it mean exactly? ( The source IP is private IP and destination is a public IP ) 1.Does it mean that the server is infected and is sending out traffic to some malicious IP.  2.Does it mean that the server is not infected but it contains software which could be exploited via the vulnerability detected. 3.Or it means something else totally? ... View more

Our firewalls managed by Panorama are updated daily but the Panorama device itself isnt scheduled to be updated.  Is this required ? Will the ACC tab on Panorama show the latest threats found on firewalls etc only if itself is updated ?  ... View more

Hi Guys, We are using ELK tool as a SIEM to raise incidents. We want to create an incident whenever there is a Risk 5 Application detected ( like bittorrent ). How do we go about doing this ? We do not see any field for Risk in the traffic logs.     ... View more