Palo Alto Networks firewall logon monitoring

Firewalls are an important point of access to any network. They control incoming and outgoing traffic based on set policies. An easy way for attackers to bypass firewalls and gain access to networks is by tampering with firewall policies or other configurations. Users with firewall access can control critical firewall parameters, so auditing their logons is an effective way to ensure that the network is secure.

Palo Alto Networks firewalls allow administrators and end users to log on to their web interface or portals a few different ways. With multiple logon methods, user access logs act as a common point for obtaining all logon-related information. Auditing this information allows administrators to:

• Locate hosts with an abnormally high number of logons to the firewall during a specific time frame.
• Identify logons outside of work hours.
• Flag users with multiple failed logons.
• Discover trends in logon patterns and improve network understanding.

EventLog Analyzer automates the auditing process by providing clear, predefined reports and alerts to monitor Palo Alto Networks firewall logons.

Logon monitoring reports for Palo Alto Networks

Two groups of reports are available for monitoring Palo Alto Networks firewall logons: logon reports and failed logon reports. The reports available under each group show the following:

• A list of all successful or failed logons.
• The source devices with the most frequent successful or failed logons.
• Users with the most frequent successful or failed logons.
• Successful or failed logon trends over time.

Available Reports

Successful Logons | Top Successful Logons from Source | Top Successful Logons by Users | Successful Logons Trend | Failed Logons | Top Failed Logons from Source | Top Failed Logons by Users | Failed Logons Trend