Palo Alto Networks
Palo Alto Networks - Leading firewall and cybersecurity solutions.
Provider: Fortinet
Detection Rule | MITRE Tactic | MITRE Technique | Criticality
---|---|---|---
DNS Tunneling Detection | Command and Control | Application Layer Protocol (T1071.001) | High
Suspicious File Transfer | Exfiltration | Exfiltration Over Command and Control Channel (T1041) | High
Credential Dumping Attempt | Credential Access | Credential Dumping (T1003) | High
Abnormal Endpoint Activity | Impact | Data Encrypted for Impact (T1486) | High
Ransomware Activity | Impact | Data Encrypted for Impact (T1486) | High
Anomalous Cloud Resource Access | Cloud Security | Cloud Service Dashboard Access (T1543.003) | Medium
Suspicious API Calls | Collection | Data from Information Repositories (T1213) | Medium
Unauthorized User Privilege Escalation | Privilege Escalation | Privilege Escalation via Exploit (T1068) | High
Unexpected Geolocation Login | Initial Access | Valid Accounts (T1078) | High
Anomalous Protocol Usage | Command and Control | Application Layer Protocol (T1071) | Medium
APIs and Their Scopes
Detection Rule | API Required | API Scope |
---|---|---|
DNS Tunneling Detection | getDNSLogs | read:logs |
Suspicious File Transfer | getFileTransferLogs | read:logs |
Credential Dumping Attempt | getAuthenticationLogs | read:logs |
Abnormal Endpoint Activity | getFileEncryptionEvents | read:logs |
Ransomware Activity | getFileActivityLogs | read:logs |
Anomalous Cloud Resource Access | getCloudResourceAccessLogs | read:logs |
Suspicious API Calls | getAPICalls | read:logs |
Unauthorized User Privilege Escalation | getUserPrivilegeChanges | read:logs |
Unexpected Geolocation Login | getLoginLogs | read:logs |
Anomalous Protocol Usage | getTrafficLogs | read:logs |
Reports and Widgets for CISO
Report Name | Widgets | Description
---|---|---
Executive Summary Report | Total incidents reported; Incident trend graph; Risk score summary; Compliance status overview | High-level overview of security incidents and trends.
Incident Response Effectiveness | Average response time per incident; Number of incidents by severity; Top incident categories; Percentage of incidents resolved within SLA | Evaluation of incident response times and actions taken.
Threat Landscape Overview | Top threat actors; Types of malware detected; Source IP addresses of threats; Geolocation of attacks | Insights into the types and sources of threats detected.
User Activity Report | Number of user logins per department; Anomalous login attempts; Access to sensitive data; Top users with privilege escalations | Analysis of user behavior and anomalies.
Data Exfiltration Summary | Volume of data transferred out; Top external destinations; Protocols used for data transfer; Alerts triggered for exfiltration attempts | Overview of potential data loss incidents.
Firewall Performance Report | Total blocked and allowed traffic; Top blocked applications; Firewall throughput; Number of active sessions | Metrics on firewall efficacy and performance.
Compliance Posture Report | Compliance score; Compliance checklist status; Non-compliance incidents; Audit trail of changes made | Assessment of compliance with industry standards (e.g., GDPR, PCI-DSS).
Vulnerability Management Report | Number of vulnerabilities identified; Critical vs. non-critical vulnerabilities; Remediation status; Vulnerability age analysis | Summary of vulnerabilities detected and their status.
Network Traffic Analysis | Top talkers by traffic volume; Traffic anomalies detected; Traffic trends over time; Protocol usage breakdown | Insights into network behavior and anomalies.
Policy Violation Report | Number of policy violations; Types of violations; Users involved in violations; Time to remediation for violations | Summary of incidents where policies were violated.