AlienVault® USM Anywhere™

Viewing Your Palo Alto Networks Events

Role Availability: Read-Only, Analyst, Manager

With the collection of your Palo Alto Networks PAN-OS logs, USM Anywhere collects, enriches, and analyzes inbound and outbound network traffic log data from your Palo Alto firewall. It detects any malicious inbound or outbound network traffic, such as malware communications. When USM Anywhere detects a threat, it generates an alarm. Alarms provide notification of an event or sequence of events that require attention or investigation.

After the USM Anywhere Sensor collects the first Palo Alto Networks PAN-OS log data and USM Anywhere normalizes the raw data, these events start appearing in the Events page. Normalization describes the translation of log file entries received from disparate types of monitored assets into the standardized framework of Event types and sub-types. To provide a more focused view of these events, the Palo Alto dashboard is available under Dashboards in the top navigation menu.

View the Palo Alto dashboard in USM Anywhere

This dashboard summarizes the events originating from your integrated Palo Alto Networks Next-Generation Firewall (NGFW) products so that you see what's going on at a glance. Click items displayed in the data elements to drill down to the list of events:

  • Categories
  • Applications
  • Threats
  • Top Threat Users
  • Outcomes
  • Top Signatures
  • Top Malware

Review events originating from Palo Alto devices