This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About ash83
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ash83
05-20-2019
34Posts
1Like
1Solution
May 20, 2019Last Visited
User
Activity
User
Profile
Latest posts by ash83
| Subject | Views | Posted |
|---|---|---|
| 2862 | 05-16-2019 03:02 AM | |
| 3477 | 05-15-2019 02:23 AM | |
| 3482 | 05-14-2019 09:36 AM | |
| 5925 | 04-17-2019 01:38 AM | |
| 8011 | 04-12-2019 01:05 AM | |
| 8131 | 04-11-2019 11:53 AM | |
| 20128 | 04-11-2019 11:49 AM | |
| 6006 | 04-10-2019 09:07 AM | |
| 6044 | 04-10-2019 02:16 AM | |
| 20200 | 04-10-2019 02:15 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 11-02-2017 06:31 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes |
User Badges
Community Statistics
| Member Since | 03-09-2017 03:22 AM |
| Date Last Visited | 05-20-2019 01:53 PM |
| Posts | 34 |
| Total Likes Received | 1 |
05-16-2019
03:02 AM
Hi Community, This query is for PAN-OS v8.1.X I am trying to generate an email alert when the firewall sees an (action eq sinkhole) event or when the security policy created to sinkhole an infected host is used. Email Profile(s) have already configured and so has Sinkhole. What is the best way to configure both, the email alert for the (action eq sinkhole) or any other Log-Threat entry, and also, when a specific security policy is used? Lastly, is it possible to generate a dynamic object including source IPs that have already been blocked by the firewall after detecting a vulnerability? The idea is to block access to IPs that already attempted an attack and were blocked by the firewall in the past. panw-highrisk-ip-list and panw-known-ip-list do not seem to be very effective as only one IP: 80.211.52.246 has been detected in almost 5 days. Thanks. Ho
... View more
05-15-2019
02:23 AM
Anyone know how to tag attacking IPs based on specific filters (for example when a critical vulnerability was blocked or even one specific vulnerability). With this tag you are then able to create a dynamic addressgroup and use this group in your policy to drop connections from there completely. Thanks, Ho
... View more
05-14-2019
09:36 AM
@vsys_remo could you please explain how the following can be implemented: "In PAN-OS 8 you could tag attacking IPs based on specific filters (for example when a critical vulnerability was blocked or even one specific vulnerability). With this tag you are then able to create a dynamic addressgroup and use this group in your policy to drop connections from there completely. " Thanks. Ho
... View more
04-17-2019
01:38 AM
Hi, wondering if anyone could assist with the last question?
Thanks.
Ho
... View more
04-12-2019
01:05 AM
Hello, From https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/configure-dns-sinkholing.html The IP addresses currently are IPv4—sinkhole.paloaltonetworks.com and a loopback address IPv6 address—::1. These address are subject to change and can be updated with content updates. As per my previous update, in PAN-OS v9.0.1:
... View more
04-11-2019
11:53 AM
Have 2 HA VMs with 9.0.1 Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/identify-infected-hosts.html In section 3), how does this need to be configured ( ( addr.dst in 10.15.0.20 ) ) when using Palo Alto Networks Sinkhole IP (sinkhole.paloaltonetworks.com) ? Thanks. Ho
... View more
04-11-2019
11:49 AM
Thanks for the reply. It might be a good idea to add these restrictions to the admin guide...
Ho
... View more
04-10-2019
09:07 AM
Thanks, we've followed the instructions provided and created folder PALogs and transferred the log there. We've also added the firewall as per instructions in page 16 of Expedition.
We are unable to find tab Plugins to continue with page 17. Has this tab been removed from v1.1.12?
How can be benefit from the ML analysis of these logs done by Expedition? An Excel doc has been created in Traffic tab including:
Device
Vsys
Date
Rule Name
Typology
Hits
Thanks.
Ho
... View more
04-10-2019
02:15 AM
Anyone?? Thanks
Ho
... View more
04-09-2019
08:31 AM
We are following Expedition-LogAnalysisGuide_v1.0.2.pdf to start using ML
Expedition is v1.1.12, BP v3.6.3, Task Manager is running and there are no internal checks to remediate
The firewalls are VMs running 9.0.1
In page 6 in the above doc, IP address 192.168.44.131 is used for Expedition. However, in page 7, a different IP is used in section Hostname: 10.30.11.50
Please confirm if the IP to configure in Schedule Log Report-Hostname should be the IP for Expedition.
We worked under this assumption, but we get the following error when clicking on Test SCP server connection: Error response from server: bash: /home/expedition/logs/ssh-export-test.txt: No such file or directory
What is causing this error and how can it be fixed?
Until the above is sorted, we would like to upload the logs manually, but the pdf does not include instructions on how to accomplish this:
MANUALLY EXPORT LOGS FROM MONITOR
You can always go to any firewall from Palo Alto Networks and from the Monitor tab export the logs in CSV format and upload that CSV file to Expedition for processing.
What is the process to manually upload the firewall logs onto Expedition?
Thanks.
Ho
... View more
04-09-2019
07:14 AM
Followed steps in pages 8 and 9 of the attachment, however, the errors/warning do not remediate. Using version 1.1.12 and BP:3.6.3
All internal checks are green and jobs and tast manager is Green, with 0 pending.
Why is this failing and what does remediate exactly do? Which logs can be reviewed to understand why remediate is not working?
Thanks.
Ho
... View more
04-08-2019
01:21 AM
Any ideas on how to find this information?
Thanks.
H
... View more
04-07-2019
10:52 AM
Expedition 1.1.3, BP 3.6.3, no internal checks to remediate, jobs and task managers up and running.
Got 2 PA VMs running 9.0.1 in an HA cluster. Created the required user to use API following the admin guide and https://www.youtube.com/watch?v=W0z8uxiI5Bg
Retrieve contents does not work. I've restarted the services in Expedition - this allegedly helped someone with the same problem in the Community.
Which logs do I need to review, and how can this problem be troubleshot?
Thanks.
Ho
... View more
04-06-2019
03:57 AM
From the Admin Guide: Serial # HA:
In case this firewall is part of a Cluster you can set the HA serial. This will matter for the Machine Learning module which will be explained in another chapter of this document.
What is the HA Serial, and where can it be found?
Thanks.
Ho.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-20-2019
01:53 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks