Palo Alto Dashboards & Reporting – What you can do and How?
Palo Alto – Next-generation firewall is among the top recommended next-generation Firewalls. It is being utilized extensively by companies of all sizes be it a small startup or large enterprises, banks, ISPs to secure their parameter and improve their network security posture. Palo alto apart from traditional firewall capabilities of blocking port/IP address combination comes with impressive features such as Anti-malware, Anti-Virus, Anti-Spam, Data Loss Prevention, Sandboxing using Wildfire, URL Filtering, App-ID, User-ID, and the list goes on.
In this blog post, we will go through the Dashboarding and Reporting capabilities of Palo Alto’s next-generation firewall which is very crucial and useful for network Administrators to get insights into their network traffic and network security portfolio. The PAN-OS i.e. the operating system running on all Palo Alto firewalls comes with a number of dashboards OOTB for which you can simply navigate to the correct menu, explore the filter as required. Apart from OOTB dashboards and reports Palo Alto also gives the admins the flexibility and power to generate custom reports as per one’s tailored requirements as well and schedule them to be delivered on mail as per the defined schedule. We will explore both in the following sections:
OOTB Dashboards and Reports
All OOTB Dashboards can be accessed by Navigating to Monitor Tab and then App Scope menu from the navigation pane on the left.
Following are the various Dashboard Groups and Reports that you can access here:
- Top 5 Gainers (Last 60 minutes vs yesterday)
- Top 5 Losers (Last 60 minutes vs yesterday)
- Top 5 Bandwidth Consuming App Categories (Last 24 hours)
- Top 5 Threats (Last 24 hours)
- Change Monitor – This dashboard shows how session count of traffic changed and comes with easy to filter and sort options which you can select from the top menu on this dashboard:
- Threat Monitor – This dashboard provides useful insights into threats detected by Palo Alto and comes with easy to select dropdown options.
- Threat Map – This dashboard plots the threats intercepted by Palo Alto on World Map. You can also use the various filter options given in the menu on top.
- Network Monitor – This dashboard shows bandwidth utilization statistics and comes with easy to filter and sort options which you can select from the top menu on this dashboard:
- Traffic Map – Similar to Threat Map this dashboard plots the incoming and outgoing traffic intercepted by Palo Alto on World Map for visual representation.
Where the OOTB report does not suffice the requirements, Palo Alto provided the features to create and schedule custom reports. The same can be accessed by navigating to the “Manage Custom Reports” section from the left navigation menu under the monitor Tab. Then from the bottom of the main page click on the “Add” button to create a new custom report.
This will open the “Custom Report” pane, under which you can define the various parameters and conditions for your custom report.
Further, you can preview your report by clicking on the “Run Now” button and further tune the conditions of the report till requirements are met.
The report you ran can also be exported to PDF, CSV, or XML to share and process further manually.
For scheduling these reports to be sent via mail at regular interval let’s say Weekly, you can do so by creating an Email Scheduler Task from the left navigation pane under the monitor tab itself:
This brings us to the end of this tech blog post, we hope it shall be useful for the Palo alto admins and network admins alike to utilize the Dashboard and Reporting capabilities of Palo Alto.
For any suggestions & Feedback feel free to reach out to the author of this blog post – firstname.lastname@example.org