
**This is an old revision of the document!** ----


====== How to leverage Palo Alto User-ID and App-ID in Netflow analytics ======

Palo Alto firewalls can export two very useful pieces of information in their Netflow export. The User-ID((User-ID Overview https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/user-id.html)) and App-ID((App-ID documentation https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/app-id.html)) fields are added per flow:

  - User-ID : harvested from a number of mechanisms that map IP addresses to user names. The primary method is to interface with Microsoft Exchange / AD servers.
  - App-ID : the firewall applies heuristics to identify exact traffic types (e.g. Facebook, Google, WhatsApp).

These two fields really turbocharge your visibility and investigation capabilities. This article explains how to leverage them in Trisul Network Analytics.

tips/paloalto.1572518542.txt.gz · Last modified: 2019/10/31 10:42 by veera