Extend Analytics-Enabled Threat Hunting and Investigations to the Palo Alto Networks Application Framework
Detecting and protecting against threats requires systems and analysts to analyze large volumes of data, both proactively and reactively. The volume and velocity of incoming data keeps users from performing even basic security analysis on much of it. Firewall data contains useful information; however, there is so much of it that most organizations struggle to store it, let alone analyze it effectively.
Life would be easier for a threat hunter or incident responder if they could receive an analyzed, meaningful subset of the firewall data: critical threats, targeted inbound and outbound activity, correlated threat intelligence, anomalous behavior, and more. When needed, the underlying source data (e.g., the firewall logs themselves) is just a mouse click away.
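As an added illustration of the triage described above (example code written for this page, not Palo Alto Networks' or the Application Framework's own code), the following Python script reduces a constructed batch of firewall log lines to a short list of findings: records the firewall already flagged as critical, records that match a threat-intelligence list, and one anomaly, a single source touching many distinct ports on one destination. Every finding carries the line numbers of the raw records behind it, so the detailed source data stays one step away. The log schema, field names, the IOC list and the port-scan threshold are all assumptions made for this example.

```python
"""Triage firewall logs into a prioritized subset, with drill-down to raw lines.

Added example for this page; not Palo Alto Networks code. The log format,
field names, thresholds and threat-intel list below are constructed.
"""
from collections import defaultdict

# Hypothetical CSV-like schema, one record per line:
# timestamp,src_ip,dst_ip,dst_port,direction,action,severity
FIELDS = ("timestamp", "src_ip", "dst_ip", "dst_port", "direction", "action", "severity")

# Constructed sample logs (15 records). Lines 5-14 are a port sweep against 10.0.0.20.
SAMPLE_LOGS = """\
2024-01-01T10:00:01Z,10.0.0.5,203.0.113.10,443,outbound,allow,informational
2024-01-01T10:00:02Z,10.0.0.5,198.51.100.7,443,outbound,allow,informational
2024-01-01T10:00:03Z,198.51.100.9,10.0.0.20,22,inbound,deny,informational
2024-01-01T10:00:04Z,10.0.0.8,203.0.113.20,80,outbound,alert,critical
2024-01-01T10:00:05Z,192.0.2.44,10.0.0.20,22,inbound,deny,informational
2024-01-01T10:00:05Z,192.0.2.44,10.0.0.20,23,inbound,deny,informational
2024-01-01T10:00:05Z,192.0.2.44,10.0.0.20,25,inbound,deny,informational
2024-01-01T10:00:06Z,192.0.2.44,10.0.0.20,80,inbound,deny,informational
2024-01-01T10:00:06Z,192.0.2.44,10.0.0.20,110,inbound,deny,informational
2024-01-01T10:00:06Z,192.0.2.44,10.0.0.20,143,inbound,deny,informational
2024-01-01T10:00:07Z,192.0.2.44,10.0.0.20,443,inbound,allow,informational
2024-01-01T10:00:07Z,192.0.2.44,10.0.0.20,445,inbound,deny,informational
2024-01-01T10:00:07Z,192.0.2.44,10.0.0.20,3389,inbound,deny,informational
2024-01-01T10:00:08Z,192.0.2.44,10.0.0.20,8080,inbound,deny,informational
2024-01-01T10:00:09Z,10.0.0.5,203.0.113.10,443,outbound,allow,informational
"""

THREAT_INTEL_IPS = {"198.51.100.7", "192.0.2.99"}  # constructed IOC list
SCAN_PORT_THRESHOLD = 8  # assumed: distinct ports from one source to one host


def parse_logs(text):
    """Parse CSV-like lines into dicts, keeping the 1-based line number for drill-down."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parts = raw.strip().split(",")
        if len(parts) != len(FIELDS):
            continue  # malformed or empty line: skip rather than abort the batch
        rec = dict(zip(FIELDS, parts))
        rec["dst_port"] = int(rec["dst_port"])
        rec["line"] = lineno
        records.append(rec)
    return records


def triage(records, intel_ips, scan_threshold=SCAN_PORT_THRESHOLD):
    """Return the analyst-facing subset: critical threats, IOC hits, and port-scan anomalies."""
    findings = []
    # 1. Critical threats: the firewall's own threat engine already set the severity.
    for r in records:
        if r["severity"] == "critical":
            findings.append({"kind": "critical_threat", "src": r["src_ip"],
                             "dst": r["dst_ip"], "lines": [r["line"]]})
    # 2. Threat-intel correlation: either endpoint appears on the IOC list.
    for r in records:
        hit = intel_ips.intersection((r["src_ip"], r["dst_ip"]))
        if hit:
            findings.append({"kind": "intel_match", "indicator": sorted(hit)[0],
                             "direction": r["direction"], "lines": [r["line"]]})
    # 3. Anomaly: one source touching many distinct ports on one destination.
    ports, lines = defaultdict(set), defaultdict(list)
    for r in records:
        key = (r["src_ip"], r["dst_ip"])
        ports[key].add(r["dst_port"])
        lines[key].append(r["line"])
    for (src, dst), pset in ports.items():
        if len(pset) >= scan_threshold:
            findings.append({"kind": "port_scan", "src": src, "dst": dst,
                             "distinct_ports": len(pset), "lines": lines[(src, dst)]})
    return findings


def summarize(findings):
    """Count findings by kind, the headline an analyst sees first."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["kind"]] += 1
    return dict(counts)


def drill_down(finding, text):
    """The 'one click away' step: return the raw log lines behind a finding."""
    raw = text.splitlines()
    return [raw[n - 1] for n in finding["lines"]]


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    found = triage(recs, THREAT_INTEL_IPS)
    print(f"{len(recs)} raw records -> {len(found)} findings: {summarize(found)}")
    for f in found:
        print(f["kind"], {k: v for k, v in f.items() if k not in ("kind", "lines")})
        for line in drill_down(f, SAMPLE_LOGS):
            print("   ", line)
```

Run stand-alone, the script turns 15 raw records into three findings and prints the source lines behind each one. The port-scan rule is deliberately the simplest kind of behavioural anomaly; in practice the threshold would be derived from a baseline rather than fixed, and the IOC list would be refreshed from a feed rather than embedded.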