V-207690
Palo Alto Networks IDPS Security Technical Implementation Guide
Title
The Palo Alto Networks security platform must capture traffic of detected/dropped malicious code.
Description
<VulnDiscussion>Associating event outcome with detected events in the log provides a means of investigating an attack or suspected attack. The logs should identify what servers, destination addresses, applications, or databases were potentially attacked by logging communications traffic between the target and the attacker. All commands that were entered by the attacker (such as account creations, changes in permissions, files accessed, etc.) during the session should also be logged when capturi...
Fix Text (Documentation Requirement)
This procedure will only capture the first packet. See the vendor documentation for further information. Go to Objects >> Security Profiles >> Antivirus Select the name of a configured Antivirus Profile or select "Add" to create a new one. In the "Antivirus Profile" window, complete the required fields. In the "Antivirus" tab, select the "Packet Capture" check box. Select "OK". Configure an Anti-Spyware Profile to capture detected malicious traffic. Go to Objects >> Security Profiles >> Anti-Spyware Select the name of a configured Anti-Spyware Profile or select "Add" to create a new one. In the "Anti-Spyware Profile" window, complete the required fields in all tabs. In the "Rules" tab, select the name of a configured Anti-Spyware Rule or select "Add" to create a new one. In the "Anti-Sp...