KHIKA App for PaloAlto Firewall

From khika
Revision as of 08:44, 19 June 2019 by Rituja darandale

How to check the output of KHIKA PaloAlto Firewall App?

Paloalto Suspicious Communication Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard focuses on Palo Alto firewall communication with suspicious IP(s) and its traffic status and action. You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto Suspicious Communication" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Action pie chart | Contribution of different types of action, like allow/deny, on the Palo Alto firewall. |
| MaliciousIP wise Action bar graph | X axis: one or more Malicious IP(s); Y axis: MaliciousIP wise action and its count. |
| Source wise Hits bar graph | X axis: one or more SourceIP(s); Y axis: source wise number of hits. |
| Destination wise Hits bar graph | X axis: one or more DestinationIP(s); Y axis: SourceIP wise number of hits. |
| Source wise Source Location bar graph | X axis: one or more SourceIP(s); Y axis: SourceIP wise source location and its count. |
| Destination wise Destination Location bar graph | X axis: one or more DestinationIP(s); Y axis: DestinationIP wise destination location and its count. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |

A suggestion for useful interaction with this dashboard could be:

  1. Click on “MaliciousIP” in the "MaliciousIP wise Action" bar graph. This gets selected and shows the MaliciousIP(s) wise action(s) on the Palo Alto firewall. The next bar shall show source and destination wise hits and also source and destination wise location information of the Palo Alto firewall.
  2. The next pie shall show different types of action on the Palo Alto firewall. Details of MaliciousIP can be seen in the summary table. How to remove this filter is explained here

Paloalto Config Summary Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard shows the details about configuration changes made on the Palo Alto Firewall and commands executed by the user. You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto Config Summary" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Command pie chart | Names and contribution of commands which were fired on the Palo Alto firewall. |
| Admin wise Command bar graph | X axis: one or more Admin users; Y axis: commands fired by admin user and their count. |
| Contribution of FW IP pie chart | Contribution of number of firewall IPs. |
| FW IP wise Command bar graph | X axis: one or more firewall IPs; Y axis: commands fired by firewall IPs and their count. |
| Contribution of Path pie chart | Contribution of path of the Palo Alto firewall. |
| Contribution of Result pie chart | Contribution of results like succeeded, submitted etc. of the Palo Alto firewall. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |

A suggestion for useful interaction with this dashboard could be:

  1. Click on “Command” in the "Admin wise Command" bar graph. This gets selected and shows the Admin wise commands fired on the Palo Alto firewall. The next bar shall show FWIP wise commands fired on the Palo Alto firewall.
  2. The next pie shall show different types of result, command, path and FWIP of the Palo Alto firewall. Details of command can be seen in the summary table. How to remove this filter is explained here


Paloalto User Authentications Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard shows detailed information about user login and logout activities and authentication failure activities on the Palo Alto firewall.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto User Authentications" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Source pie chart | Contribution of different sources of the Palo Alto firewall. |
| User wise Status bar graph | X axis: one or more Users; Y axis: user wise status and its count. |
| Contribution of Status pie chart | Contribution of status like authenticated, loggedin etc. on the Palo Alto firewall. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |


Some suggestions for useful interaction with this dashboard could be:

  1. Click on “User” in the "User wise Status" bar graph. This gets selected and shows the user wise status on the Palo Alto firewall.
  2. The next pie shall show different types of status and sources of the Palo Alto firewall. Details of users' activity can be seen in the summary table. How to remove this filter is explained here.

Paloalto System Summary Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard shows detailed information about the system activities on the Palo Alto Firewall.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto System Summary" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Severity pie chart | Contribution of different types of severity, like informational, of the Palo Alto firewall. |
| Contribution_of_Subtype pie chart | Contribution of different types of subtypes of the Palo Alto firewall. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |


Some suggestions for useful interaction with this dashboard could be:

  1. The next pie shall show different types of severity and subtype of the Palo Alto firewall.
  2. Details of system activity can be seen in the summary table. How to remove this filter is explained here

Paloalto Threats Detection By Application Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This report focusses on the user activity on Linux servers. Which actions users have taken, programs used etc. Names and contribution of commands which were fired.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto Threats Detection By Application" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Action pie chart | Contribution of the actions on the Palo Alto firewall. |
| Contribution of Application pie chart | Contribution of different types of application like web-browsing, ssl etc. on the Palo Alto firewall. |
| ThreatName wise Action bar graph | X axis: different types of Threat; Y axis: ThreatName wise action performed and its count. |
| Source wise Threat bar graph | X axis: one or more SourceIP(s); Y axis: SourceIP wise Threat and its count. |
| Destination wise Threat bar graph | X axis: one or more DestinationIP(s); Y axis: DestinationIP wise Threat and its count. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |

Some suggestions for useful interaction with this dashboard could be:

  1. Click on “ThreatName” in the "ThreatName wise Action" bar graph. This gets selected and shows the ThreatName wise action performed on the Palo Alto firewall. The next bar shall show SourceIP and DestinationIP wise threat and its count.
  2. The next pie shall show different types of action and application on the Palo Alto firewall. Details of threat information can be seen in the summary table. How to remove this filter is explained here

Paloalto Allowed External Source Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard shows the allowed external source traffic of the Palo Alto firewall.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto Allowed External Source" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Source Location pie chart | Contribution of source locations of the Palo Alto firewall. |
| Source wise Hits bar graph | X axis: one or more SourceIP(s); Y axis: SourceIP wise number of hits. |
| Destination wise Hits bar graph | X axis: one or more DestinationIP(s); Y axis: DestinationIP wise number of hits. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |


A suggestion for useful interaction with this dashboard could be:

  1. The bar shall show SourceIP and DestinationIP wise number of hits.
  2. The next pie shall show contribution of source locations. Details of information can be seen in the summary table. How to remove this filter is explained here

Paloalto Blocked External Source Dashboard

Go to "Dashboards" from the left menu. From the list of in-built dashboards, select this one. It shall open the Dashboard. This dashboard shows the blocked external source traffic of the Palo Alto firewall.

You can filter and search information and create new ones too. For help with Dashboards, click here

Elements in the Dashboard are explained below:

Elements in "Paloalto Allowed External Source" Dashboard

| Visualization | Description |
|---|---|
| Contribution of Source Location pie chart | Contribution of source locations of the Palo Alto firewall. |
| Source wise Hits bar graph | X axis: one or more SourceIP(s); Y axis: SourceIP wise number of hits. |
| Destination wise Hits bar graph | X axis: one or more DestinationIP(s); Y axis: DestinationIP wise number of hits. |
| Time trend | Trend of login events over time. Useful to identify unusual spikes at a glance. X axis: date & time; Y axis: count of events. |
| Summary Table | Detailed data with timestamp and count. |


A suggestion for useful interaction with this dashboard could be:

  1. The bar shall show SourceIP and DestinationIP wise number of hits.
  2. The next pie shall show contribution of source locations. Details of information can be seen in the summary table. How to remove this filter is explained here