Panorama File Filtering Test

File filtering allows you to enforce policies that prevent sensitive data leakage, comply with regulations, and maintain security within your network environment. You can create data filtering profiles to define how files are handled based on specific criteria. These profiles allow you to filter content based on various factors, such as file properties, credit card numbers, and third-party data loss prevention (DLP) labels. If the target Panorama is not continuously monitored, administrators might not be alerted to suspicious or harmful files entering the network.

This test continuously monitors the file filters in Palo Alto Panorama and reports the number of files filtered by each file filter. Using this test, administrators can stay aware of the threats that were encountered and the action taken.

Target of the test: Palo Alto Panorama

Agent deploying the test: A Remote Agent

Outputs of the test: One set of results for each file filter in the Palo Alto Panorama that is being monitored.

Configurable parameters for the test

Test period: How often the test should be executed.

Host: The IP address of the target host to be monitored.

Port: The port on which the specified host listens.

API Key: The eG agent collects the required metrics from the target Palo Alto Panorama by executing commands through the XML API. To collect metrics, the eG agent must be provided with a valid API key.

SSL: By default, this flag is set to Yes, indicating that SSL (Secure Sockets Layer) is used to connect to the target Palo Alto Panorama. If not, set the SSL flag to No.

Detailed Diagnosis: To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, choose the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test

Measurement: Recent file filters

Description: Indicates the total number of files detected by this file filter in the Panorama.

Measurement Unit: Number

Interpretation: The detailed diagnosis of this measure lists the category of the file, file URL, source address of the session, application name, source/destination address, source/destination port, the threat, action taken, the device name, and the serial number of the device.
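
The following added example (not eG Enterprise code, and not taken from this page) shows the kind of XML API call the API Key and SSL parameters govern, and how a per-filter count with the action taken can be derived from the result. Assumptions: the request uses the PAN-OS log query (type=log, log-type=data) with the key sent in the X-PAN-KEY header; the response element names, the sample values, and the function names are constructed for illustration.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample response; the element names (threatid, action, src) are
# assumptions about the log layout, and every value is made up.
SAMPLE_RESPONSE = """<response status="success"><result><log><logs count="3">
<entry><threatid>constructed-pdf-filter</threatid><action>alert</action><src>10.0.0.5</src></entry>
<entry><threatid>constructed-pdf-filter</threatid><action>alert</action><src>10.0.0.9</src></entry>
<entry><threatid>constructed-exe-filter</threatid><action>deny</action><src>10.0.0.5</src></entry>
</logs></log></result></response>"""


def build_log_request(host, port, api_key, use_ssl=True, nlogs=100):
    """Build (not send) an XML API query for data filtering logs."""
    scheme = "https" if use_ssl else "http"
    query = urllib.parse.urlencode({"type": "log", "log-type": "data", "nlogs": nlogs})
    # The key travels in the X-PAN-KEY header, not the query string, so it does
    # not end up in proxy or web server access logs.
    return urllib.request.Request(
        f"{scheme}://{host}:{port}/api/?{query}", headers={"X-PAN-KEY": api_key}
    )


def count_by_filter(xml_text):
    """Return a Counter keyed by (filter name, action taken)."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError(f"API call failed: status={root.get('status')!r}")
    counts = Counter()
    for entry in root.iter("entry"):
        name = entry.findtext("threatid", default="unknown")
        action = entry.findtext("action", default="unknown")
        counts[(name, action)] += 1
    return counts


if __name__ == "__main__":
    req = build_log_request("192.0.2.10", 443, "CONSTRUCTED-API-KEY")
    print(req.full_url)
    for (name, action), n in sorted(count_by_filter(SAMPLE_RESPONSE).items()):
        print(f"{name}\t{action}\t{n}")
```

Sent with urllib.request.urlopen, the request verifies the Panorama certificate by default when the SSL flag is Yes. Log queries are asynchronous, so the first reply carries a job ID and the entries are fetched in a second call.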