Threat name is not showing up in exported CSV threat logs
Created On 10/25/19 06:55 AM - Last Modified 08/23/24 06:18 AM
Symptom
Starting from PAN-OS 8.0, the threat name is fetched online from Threat Vault when the corresponding signature doesn't exist in the signature packages on the firewall.
Even if the firewall can properly fetch the threat name from Threat Vault, when the threat log is exported to a CSV file, the fetched threat name is not contained in the CSV file.
- Navigate: Web GUI > Monitor > Logs > Threat
- Exported CSV file
Environment
PAN-OS 8.1, 9.0 and 9.1
Cause
The Palo Alto Networks firewall stores the threat ID internally in the threat log. When the firewall displays the threat log in the Web GUI, the threat name lookup is performed based on the signature packages installed on the firewall.
By design, a Threat Vault query isn't performed when exporting the log to CSV.
Resolution
This was addressed in PAN-OS 10.0.
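For exports taken on the affected versions, the following added example (not Palo Alto Networks code) lists the threat IDs whose name did not make it into the CSV and fills them in from an ID-to-name map the operator has looked up separately. The column header `Threat/Content Name`, the way an unresolved name appears (empty, or a bare numeric ID with optional parentheses), and the `Name(ID)` output form are assumptions to adjust against your own export.

```python
import csv
import io
import re
from collections import Counter

# Assumed header of the threat name column; change it to match your export.
NAME_COLUMN = "Threat/Content Name"
# Assumption: an unresolved name is an empty field or a bare ID such as "99001" or "(99001)".
BARE_ID = re.compile(r"^\(?(\d+)\)?$")

def unresolved_ids(csv_text, column=NAME_COLUMN):
    """Count rows per threat ID whose name column carries no threat name."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get(column) or "").strip()
        m = BARE_ID.match(value)
        if not value:
            counts["<empty>"] += 1
        elif m:
            counts[m.group(1)] += 1
    return counts

def fill_names(csv_text, id_to_name, column=NAME_COLUMN):
    """Rewrite bare IDs as 'Name(ID)' using an operator-supplied lookup map."""
    reader = csv.DictReader(io.StringIO(csv_text))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        m = BARE_ID.match((row.get(column) or "").strip())
        if m and m.group(1) in id_to_name:
            row[column] = f"{id_to_name[m.group(1)]}({m.group(1)})"
        writer.writerow(row)
    return out.getvalue()

# Constructed sample export (not real log data); only a few columns are shown.
SAMPLE = (
    "Receive Time,Source address,Threat/Content Name,Severity\n"
    "2019/10/25 06:55:00,192.0.2.10,Constructed Sample Signature(30001),high\n"
    "2019/10/25 06:56:00,192.0.2.11,(99001),critical\n"
    "2019/10/25 06:57:00,192.0.2.12,99001,critical\n"
    "2019/10/25 06:58:00,192.0.2.13,,medium\n"
)

if __name__ == "__main__":
    print(unresolved_ids(SAMPLE))
    print(fill_names(SAMPLE, {"99001": "Example Name"}))
```

Rows counted under `<empty>` carry no ID in the name column at all, so they cannot be filled from the map and have to be matched back to the Web GUI view by time and session.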