docs/integrations/cloud-security-monitoring-analytics/palo-alto-networks-11.md
Lines changed: 2 additions & 2 deletions
@@ -150,7 +150,7 @@ Increased and unaccounted-for increase in traffic may be the result of unauthori
150
150
151
151
### Potentially Malicious Activity
152
152
153
-
The **Palo Alto Networks 11 - Potentially Malicious Activity** dashboard provides information about inbound and outbound traffic IP addresses called out as potentially malicious by threat intelligence, countries on the OFAC (embargoed) list, and potential port scans. Use this dashboard to analyze attempted and successful connections to IP addresses on threat intelligence lists, both inbound and outbound. Additionally, you can view connections to geolocation IP addresses associated with countries on the OFAC list (USA embargo list). Futhermore, the bottom panel provides analysis on vertical port scans (one target scanned on multiple network ports) and horizontal port scans (same port scanned across multiple destinations).
153
+
The **Palo Alto Networks 11 - Potentially Malicious Activity** dashboard provides information about inbound and outbound traffic IP addresses called out as potentially malicious by threat intelligence, countries on the OFAC (embargoed) list, and potential port scans. Use this dashboard to analyze attempted and successful connections to IP addresses on threat intelligence lists, both inbound and outbound. Additionally, you can view connections to geolocation IP addresses associated with countries on the OFAC list (USA embargo list). Furthermore, the bottom panel provides analysis on vertical port scans (one target scanned on multiple network ports) and horizontal port scans (same port scanned across multiple destinations).
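Review bot: the added paragraph defines vertical and horizontal port scans but does not say what count of ports or destinations, or what time window, the bottom panel uses to classify traffic as a scan. One sentence stating that, or pointing to the panel query, would let analysts judge how much weight to give a hit. In the same line, "connections to geolocation IP addresses associated with countries on the OFAC list" reads awkwardly and could become "connections to IP addresses geolocated to countries on the OFAC list". The "Futhermore" to "Furthermore" fix itself is correct.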
@@ -198,7 +198,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
198
198
|:--|:--|:--|:--|
199
199
|`Palo Alto Networks 11 - Monitor High-Risk Applications forThreat Logs` | This alert is triggered when a high risk application for threat log is detected, helping security team track their usage and spot any anomalous behavior. By analyzing traffic patterns, this aidsin proactive threat mitigation and ensures compliance with security policies. | Critical | Count > 0 |
200
200
|`Palo Alto Networks 11 - Monitor High-Risk Applications forTraffic Logs` | This alert is triggered when a threat is detectedin high risk application by analyzing traffic logs. It helps network team track application usage patterns and identify unusual real-time behavior. By monitoring traffic flows, this aids in optimizing network performance and ensuring adherence to security policies, thereby reducing potential risks and maintaining efficient operations. | Critical | Count > 1|
201
-
|`Palo Alto Networks 11 - Detect Unauthorized or Shadow IT Usage for Traffic Logs`| This alert is triggered when an unauthorized or shadow IT activities is detected by surveing the netwrok traffic. By examining traffic logs, this detects unsanctioned applications that bypass formal approval processes, helping the IT team manage these applications effectively. This ensures that such applications do not disrupt network performance or compromise compliance standards, safeguarding the organization's network environment. | Critical | Count > 0 |
201
+
|`Palo Alto Networks 11 - Detect Unauthorized or Shadow IT Usage for Traffic Logs`| This alert is triggered when an unauthorized or shadow IT activities is detected by surveing the network traffic. By examining traffic logs, this detects unsanctioned applications that bypass formal approval processes, helping the IT team manage these applications effectively. This ensures that such applications do not disrupt network performance or compromise compliance standards, safeguarding the organization's network environment. | Critical | Count > 0 |
202
202
| `Palo Alto Networks 11 - Detect Unauthorized or Shadow IT Usage for Threat Logs` | This alert is triggered when a unauthorized or shadow IT activities that may introduce security threats into the network is detected. By analyzing threat logs, this identifies unsanctioned applications that could potentially exploit vulnerabilities or bypass security controls. This vigilance helps security teams to proactively mitigate risks, maintain network integrity, and ensure compliance with regulatory requirements. | Critical | Count > 0 |
203
203
| `Palo Alto Networks 11 - Detect Tunneled Applications & Evasion Attempts` | This alert is triggered if applications uses tunneling techniques to bypass security controls, as well as any evasion attempts are detected. This strengthens security measures by revealing hidden threats and ensuring transparent network operations. | Critical | Count > 0 |
204
204
| `Palo Alto Networks 11 - Alert on Traffic to Embargoed Locations` | This alert is triggered when traffic directed towards embargoed or restricted locations is identified. It supports regulatory compliance and reduces the risk of inadvertently communicating with prohibited regions. | Critical | Count > 0 |
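Review bot: the added row for "Detect Unauthorized or Shadow IT Usage for Traffic Logs" corrects "netwrok" but still contains "surveing" (should be "surveying") and "an unauthorized or shadow IT activities is detected" (should be "unauthorized or shadow IT activity is detected"); these can be fixed in the same change. The neighbouring context rows carry similar defects: the monitor names "Monitor High-Risk Applications forThreat Logs" and "forTraffic Logs" are missing a space inside the backticks, so they may not match the monitor names users search for, and the descriptions contain "aidsin" and "detectedin". Also confirm that the "Count > 1" trigger on the Traffic Logs high-risk row is intentional, since every other row in this hunk uses "Count > 0".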