Set Additional Threat Log Quickplay


Brief Description

This solution is a tool that allows you to enable additional threat logging on multiple firewalls directly or through Panorama:

 

  • Enable the firewall to generate Threat logs for a teardrop attack and a DoS attack using ping of death
  • Generate Threat logs for the types of packets listed above if you enable the corresponding packet-based attack protection 

 

Prerequisites

This solution requires the pan-os-python package and access to the NGFW or Panorama.

 

Solution Details

Documentation: https://github.com/PaloAltoNetworks/panos-set-additional-threat-log/blob/main/README.md

GitHub Location: https://github.com/PaloAltoNetworks/panos-set-additional-threat-log

GitHub Branches: main

PAN-OS Versions Supported: 8.1.2+

 

Full Description

The description below gives an overview of the solution elements. For detailed information regarding prerequisites and solution usage, please review the PAN-OS Set Additional Threat Log documentation.

 

Using the solution currently requires Python and a command line.

 

Prepare Environment

  • Clone the repository
  • Open the repository in a terminal or a Python IDE
  • Install the packages necessary to run the code:

    pip install pan-os-python

 

Identify Device Setup

Determine the NGFW and Panorama setup of interest and collect relevant identification for those devices. There are five different options for how to connect and evaluate the solution on the devices.

  • panorama_all: Run on all devices connected to Panorama
  • firewall_list: Run directly on a list of firewalls by FQDN or IP
  • panorama_list: Run through Panorama on a list of firewalls by Serial, Name, or Management IP
  • firewall_file: Run directly on a list of firewalls from a file
  • panorama_file: Run through Panorama on a list of firewalls from a file

 

Build and Run command

Based on the device setup chosen above, build the command to execute the solution as defined in the documentation.

The following command can optionally be run on the NGFW CLI to verify that the setting has been enabled: 

 

firewall> show system state filter cfg.general.additional-threat-log

 

 
