How to use the ACC for PAN-OS 7.0 and later — Part 2

Created On 09/25/18 19:03 PM - Last Modified 06/09/23 06:08 AM


Resolution


The Application Command Center, known as the ACC, is a powerful tool that can be found inside the PAN-OS WebGUI. This tool allows you to see traffic patterns to help determine if your security policy is working as it should or if any adjustments need to be made.

 

This Video Tutorial shows how to use the ACC to investigate traffic and get more information about what's going on in your network. The example also illustrates how to determine if any threats are associated with network activity.

 

 


Video Tutorial Transcript: How to Use the ACC for PAN-OS version 7.0 Part 2

 

This is Joe Delio from the Palo Alto Networks Community team bringing you a Video Tutorial.

 

I'll be showing you part 2 on how to use the latest version of the Application Command Center (ACC) for PAN-OS version 7.0.

 

In part 1 of this Video Tutorial, I covered a lot of the windows, buttons and functions of the ACC. Now, I will show you a practical example about using the ACC to drill down and investigate traffic patterns you can view in the ACC.

 

What you will learn:

  • How to use the ACC to get more information about specific traffic.
  • How to use the Global find option to find more info and see what security policy rule is allowing the traffic.
  • Automated Correlation Engine (available only with a PA-3000, PA-5000, PA-7000 Series and Panorama).

 

We will start at the main screen of the ACC:

As an example, if we need to know about unwanted traffic, more specifically, under File Sharing, click on the outline to learn more.

  • Application sub-directory is displayed. Notice how it updates the table.
  • Look at the description and characteristics.
  • To know more about this application, click RapidShare.


Getting the most from the automated correlation engine

 

The automated correlation engine is available only with a PA-3000, PA-5000, PA-7000 series device and Panorama.

 

The automated correlation engine is an analytics tool that uses the logs on the firewall to detect actionable events on your network. The engine—

 

  • Correlates a series of related threat events that, when combined, indicate a likely attack on your network.
  • Pinpoints areas of risk, such as compromised hosts on the network, then allows you to assess the risk and take action to prevent exploitation of network resources.
  • Uses correlation objects to analyze the logs for patterns—when a match occurs, the engine generates a correlated event.

 

This concludes Part 2 of the ACC—How to use the Application Command Center (ACC) for PAN-OS 7.0 and later.

 

As always, please feel free to post feedback or comments.

Thanks for watching,
Joe Delio

 

