Threat name is not showing up in exported csv threat logs

Created On 10/25/19 06:55 AM - Last Modified 08/18/20 15:22 PM


Symptom


Starting from PAN-OS 8.0, the firewall fetches the threat name online from ThreatVault when the corresponding signature doesn't exist in the signature packages on the firewall.

Even if the firewall properly fetches the threat name from ThreatVault, the fetched threat name is not included when the threat log is exported to a CSV file.
  1. Navigate: Web GUI > Monitor > Logs > Threat
  2. Exported CSV file


Cause


The Palo Alto Networks firewall stores the threat ID internally for the threat log. When the firewall displays the threat log in the Web GUI, the threat name lookup is performed based on the signature packages installed on the firewall.

By design, the ThreatVault query isn't performed when the threat log is exported to CSV.

