Testing Alerts for Data Filtering

Testing Alerts for Data Filtering

17518
Created On 09/25/18 19:49 PM - Last Modified 06/07/23 06:48 AM


Resolution


Data Filtering logs are part of the Informational Threat Logs.

 

1. Create 3 files with credit card information.

 

5376-4698-9386-4886
5564-8017-1758-1316
5464-9730-1302-5263
5257-2750-0534-2578
5564-9616-5310-6823
5483-3128-3984-7229
5352-9543-2663-9003
5130-0484-5710-3076
5210-3641-5712-1745
5559-4615-4452-4711 (1 text file with 10 credit card numbers)

 

5376-4698-9386-4886
5564-8017-1758-1316 (another text file with 2 credit card numbers)

 

5376-4698-9386-4886
5564-8017-1758-1316
5559-4615-4452-4711 (another text file with 3 credit card numbers)

 

I have set the CC weight to 1 and set alert level to 3 and block to 6.

 

For Configuring Data Filtering Profile, go to Objects_Tab > Security_Profiles > Data_Filtering:

Data_Filtering.jpg

 

For Configuring Data Filtering Pattern, go to Objects_Tab > Custom_Objects > Data_Patterns:

Data_Pattern.jpg

So when I sent these files through FTP, we got the following results:

 

+1st file, I get reset both on Data Filtering logs.

+2nd file, I did not get any alerts.

+3rd file, I got an alert on Data Filtering logs.

 

 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleRCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language