tips:paloalto
Differences
This shows you the differences between two versions of the page.
tips:paloalto [2019/11/01 17:47] – [New Counter Groups : User-ID and App-ID] veera | tips:paloalto [2019/11/01 18:25] (current) – [NAT issues] veera | ||
---|---|---|---|
Line 41: | Line 41: | ||
==== NAT issues ==== | ==== NAT issues ==== | ||
+ | |||
+ | The default behaviour is to show the Internal and External IP addresses. The NAT is hidden from Trisul , if you wish to see the NAT'd firewall address set the following parameter to FALSE in the [[https:// | ||
+ | |||
+ | < | ||
+ | < | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Query by user-id and app-id ==== | ||
+ | |||
+ | The next step is to create a [[https:// | ||
+ | |||
+ | Login as admin, then go to profile0 > Flow Taggers > Create a new Flow Tagger. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Do the same for App-ID. | ||
+ | |||
+ | === Query flows === | ||
+ | |||
+ | |||
+ | //From Tools > Explore Flows// | ||
+ | Use the syntax '' | ||
+ | or '' | ||
+ | |||
+ | You can see the flow tags. | ||
+ | {{: | ||
+ | |||
+ | |||
+ | |||
+ | === Aggregate flows === | ||
+ | |||
+ | //From Tools > Aggregate Flows// | ||
+ | Use '' | ||
+ | |||
+ | This shows top IPs, top Applications, | ||
+ | |||
+ | A sample is shown below. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | ==== Conclusion ==== | ||
+ | |||
+ | User-ID and App-ID attributes open up very powerful possibilities for visibility and investigation. Using the flexible tools offered by the Trisul platform you can customize in a variety of ways. Other tools you can use are " | ||
- | Create flow tags | ||
- | Query by user-id and app-id | ||
- | Aggregate flows | ||
- | Crosskeys | ||
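Review bot: The removed outline listed "Crosskeys" as its own item, but none of the added headings (Query by user-id and app-id, Query flows, Aggregate flows, Conclusion) covers it. Either add a short Crosskeys section or make sure the Conclusion's list of other tools names it explicitly. In the NAT issues paragraph, "The NAT is hidden from Trisul , if you wish to see" has a stray space before the comma and joins two sentences; suggest "The NAT is hidden from Trisul. If you wish to see the NAT'd firewall address, set the following parameter to FALSE". Under Query flows and Aggregate flows, the italic menu path line is followed directly by the "Use ..." line with no blank line between them, so the wiki will join them into one paragraph; separate them with a blank line. "Login as admin" should read "Log in as admin".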
tips/paloalto.txt · Last modified: 2019/11/01 18:25 by veera