Palo Alto Networks firewall traffic log analyzer
Firewalls control all the traffic entering and leaving a network. This makes them an ideal subject for auditing tools that can monitor and analyze network traffic. EventLog Analyzer analyzes firewall data and shows which users are trying to access an organization's network. Along with the traffic trends and patterns, it can also improve network understanding and guide firewall policies.
Analyzing traffic data helps organizations:
- Identify highly active hosts on the network, which could warrant investigation if they are unusually active.
- Discover external traffic sources with a large amount of denied connections, which may call for a review of the allowed traffic from that source.
- Reveal unsafe applications. For instance, multiple denied connections on the port an application uses may point to a security threat.
- Display trends over time and show any deviations that may need further investigation.
EventLog Analyzer Palo Alto Networks traffic log reports
Traffic log analysis reports for Palo Alto Networks firewalls are split into two categories—allowed traffic reports and denied connection reports. Traffic log analysis reports include:
- An overview report of all the allowed or denied traffic.
- Top N reports, which identify the allowed or denied traffic connections with the highest frequency (based on source, destination, protocol, and port).
- A trend report which identifies allowed or denied traffic trends over time.
Top Traffic based on Source | Top Traffic based on Destination | Top Traffic based on Protocol | Top Traffic based on Port | Allowed Traffic Trend | Top Denied Connections based on Source | Top Denied Connections based on Destination | Top Denied Connections based on Protocol | Top Denied Connections based on Port | Denied Connections Trend
With EventLog Analyzer, schedule and review traffic reports periodically to better understand network traffic. Real-time alerts notify administrators of potential threats, prompting them to take appropriate actions and adjust firewall policies as needed.