From Palo Alto Networks IDPS Security Technical Implementation Guide
Part of SRG-NET-000078-IDPS-00063
Associated with: CCI-000134
Associating event outcome with detected events in the log provides a means of investigating an attack or suspected attack.
Go to Objects >> Security Profiles >> Antivirus View the configured Antivirus Profiles. If the Packet Capture check box is not checked, this is a finding. Go to Objects >> Security Profiles >> Anti-Spyware View the configured Anti-Spyware Profiles. If the "Packet Capture" field does not show extended-capture, this is a finding. Go to Objects >> Security Profiles >> Vulnerability Protection View the configured Vulnerability Protection Profiles. If the "Packet Capture" field does not show extended-capture, this is a finding. Go to Policies >> Security Review each of the configured security policies in turn. For any Security Policy that affects traffic between Zones (interzone), view the "Profile" column. If the "Profile" column does not display the Antivirus Profile, Anti-Spyware, and Vulnerability Protection symbols, this is a finding.
Go to Objects >> Security Profiles >> Antivirus Select the name of a configured Antivirus Profile or select "Add" to create a new one. In the "Antivirus Profile" window, complete the required fields. In the "Antivirus" tab, select the "Packet Capture" check box. Select "OK". Configure an Anti-Spyware Profile to capture detected malicious traffic. Go to Objects >> Security Profiles >> Anti-Spyware Select the name of a configured Anti-Spyware Profile or select "Add" to create a new one. In the "Anti-Spyware Profile" window, complete the required fields in all tabs. In the "Rules" tab, select the name of a configured Anti-Spyware Rule or select "Add" to create a new one. In the "Anti-Spyware Rule" window, in the "Packet Capture" field, select "extended-capture". Select "OK". Select "OK" again. Configure a Vulnerability Protection Profile to capture detected malicious traffic. Go to Objects >> Security Profiles >> Vulnerability Protection Select the name of a configured Vulnerability Protection Profile or select "Add" to create a new one. In the "Vulnerability Protection Profile" window, complete the required fields. In the "Rules" tab, select the name of a configured Vulnerability Protection Rule or select "Add" to create a new one. In the "Vulnerability Protection Rule" window, in the "Packet Capture" field, select "extended-capture". Select "OK". Select "OK" again. Use the Antivirus Profile, Anti-Spyware Profile, and Vulnerability Protection Profile in a Security Policy. Go to Policies >> Security Select an existing policy rule or select "Add" to create a new one. In the "Actions tab in the Profile Setting section: In the "Profile Type" field, select "Profiles". The window will change to display the different categories of Profiles. In the "Antivirus" field, select the configured Antivirus Profile. In the "Anti-Spyware" field, select the configured Anti-Spyware Profile. In the "Vulnerability Protection" field, select the configured Vulnerability Protection Profile. Select "OK". Commit changes by selecting "Commit" in the upper-right corner of the screen. Select "OK" when the confirmation dialog appears.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer