
Threats - Palo Alto

Overview

The Threats view provides an overview of the triggered and defined alerts in your domain related to Palo Alto firewall activity.

When an alert is triggered in your domain, it is registered here as a detected threat, whereas threat definitions are the alerts defined in your domain together with their corresponding conditions. The Firewall threats tab contains information on both Devo alerts and Palo Alto alerts as events.

The alerts in this view are designed to deal with specific Palo Alto firewall activity. They can also be found elsewhere in Devo, such as in the Alerts area and the SecOps application.

Installation process

The Devo 360 for Palo Alto application provides predefined alerts that are installed when you install the application via Devo Exchange.

If these alerts already exist in your domain, the installation will respect their current state and will not replace them with the alerts contained in the application. If these alerts are new, they will be installed but will be turned “off” until you enable them. Go to the Definitions tab to see how to do this.

Available tabs