Skip to main content
Sumo Logic

Palo Alto Networks App Dashboards

The PAN App Dashboards monitor an overview, threat analysis, traffic, and generic IP issues.

Overview

The Overview Dashboard keeps you up-to-speed on the higher level operations of your PAN deployment.

pan_app_overview_700x320.png

Source Host Locations. Using a geolocation query, this Panel maps the location of source hosts using their IP addresses.

Threat Type by Severity. Breaks down the number of threats, ranked by severity; threat types are divided into separate categories (such as Vulnerabilities and URL). Threat types displayed in this Panel include Low, Informational, High, and Critical.

Bandwidth Consumption (Bytes) by Virtual System. Displays the bandwidth of virtual systems, making it easy to see which systems are consuming the most bandwidth.

Bandwidth Consumption (Percentage) by App. Each app deployed by your organization is represented in an overall breakdown of how apps are consuming bandwidth.

Threat Analysis

pan_app_threat_700x319.png

Threat Type. Get an idea of the number of threats as well as the type of threats detected by Palo Alto Networks. Top Destination IPs. Shows the top 10 destination IPs (the IPs that have made the most attempts).

Top Destination IPs. Ranks the top 10 destination IPs as a bar chart.

Severity by Protocol. View the number of threats sorted by severity (Critical, High, Low, or Informational).

App by Severity. Shows the breakdown of threats per app, sorted by threat level (Critical, High, Informational, and Low).

Top Source IPs. Ranks the top 10 source IPs hitting your firewall as a bar chart.

Threat by Category. The query behind this Panel parses the threat ID and category from your Palo Alto Network logs, then returns the number of threats sorted by category.

Traffic Monitoring

The Traffic Monitoring Dashboard includes several Panels that display information about incoming and outgoing traffic, including bytes sent and received.

pan_app_traffic_700x463.png

Events by Protocol. Displays the breakdown of events, sorted by protocol (ICMP, TCP, UDP, HOPOPT).

Top Destination IPs by Events. Using a geolocation query, this Panel maps which IPs are being accessed outside the network for all event types.

Top 10 Apps by Bytes Sent. Shows which apps are being sent the most bytes.

Apps by Action. This Panel queries all traffic types and then displays each app per drop, denial, and success.

Top Source IPs by Events. Displays the top 10 IPs generating events.

Top 10 Apps by Bytes Received. Traffic from the 10 most active apps is shown, making unexpected upticks in traffic easy to identify.

Bytes Sent/Received Overtime. Keep an eye on the overall inbound and outbound traffic in your deployment.

Triggered Rules by Virtual System. Including all existing trigger rules, this Panel displays traffic from each virtual system in your deployment.

Generic

This advanced Dashboard includes specialized, targeted Panels that are typically used by IT Admins.

pan_app_generic_700x318.png

Top 10 Source IPs by Byte. Watch for unexpected spikes in traffic from the top 10 Source IP addresses.

High Severity Threat Distribution. Displays the severity of threats over the past hour.

High Severity Threats by Destination & ID. Counted by the number of threats coming from specific destinations and IP addresses, Critical and High severity threats are shown.

Bandwidth Consumption by App. View the total bandwidth consumed by each app in one place.

Threat Distribution. Displays the source of threats as well as the number of threats over the past 24 hours.

High Severity Threats by Source & ID. No need to guess where Critical and High threats are coming from. This Panel displays each threat source.