160 Panorama Administrator’s Guide
Use Case: Respond to an Incident Using Panorama Monitor Network Activity
The log details for each log entry display the Related Logs for the event. This information points you to the
traffic, threat, URL filtering or other logs that you can review to correlate the events that led to the incident.
For example, filter the traffic log (Monitor > Logs > Traffic) using the victim IP address as both the source and
the destination IP to get a complete picture of all the external and internal hosts/clients with which this victim IP
address has established a connection.
Review WildFire Logs
In addition to the threat logs, use the victim IP address to filter through the WildFire Submissions logs. The
WildFire Submissions logs contain information on files uploaded to the WildFire service for analysis. Because
spyware typically embeds itself covertly, reviewing the WildFire logs tells you whether the victim recently
downloaded a suspicious file. The WildFire forensics report displays information on the URL from which the
file or .exe was obtained, and the behavior of the content. It informs you whether the file is malicious, and whether it modified
registry keys, read/wrote into files, created new files, opened network communication channels, caused
application crashes, spawned processes, downloaded files, or exhibited other malicious behavior. Use this
information to determine whether to block the application that caused the infection (web-browsing, SMTP,
FTP), make more stringent URL filtering policies, or restrict some applications/actions (for example, file
downloads to specific user groups).
If WildFire determines that a file is malicious, a new antivirus signature is created within 24-48 hours and made
available to you. If you have a WildFire subscription, the signature is made available within 30-60 minutes as part
of the next WildFire signature update. As soon as the Palo Alto Networks next-generation firewall has received
a signature for it, and provided your security profiles are configured to block malware, the file will be blocked and the
information on the blocked file will be visible in your threat logs. This process is tightly integrated to protect
you from this threat and to stem the spread of malware on your network.
Access to the WildFire logs from Panorama requires the following: a WildFire subscription, a file
blocking profile that is attached to a security policy, and threat log forwarding to Panorama.
Copyright © 2007-2014 Palo Alto Networks