The Palo Alto Log Activity dashboard shows an overview of all activity logged by the firewall. This includes all network filtering, policy changes, source and destination IP filtering taking place. Some key aspects of the dashboard.
All Log activity - this shows the log activity based on the date and time filter from the top right of the page.
Log Activity by Source Port - this shows a graph of the activity of ports in use on the network.
All Log Activity Source IP - this shows the activity the firewall is seeing based on the source address of the IP connection.
All Log Activity by Policy - this shows the activity the firewall is seeing based on policy type, eg allow, deny, login, auth fail etc.
All log Activity by Dest Port - This will show the destination port activity. High port usage may indicate that data is being exfiltrated out of the network spoofing an allowed protocol.
All Log Actiity by Dest IP - This will show the target destination IP of where the network traffic is responding to. This linked with the dest port details may help narrow down what protocol is being used to send the traffic.
Various status blocks to show the allowed, denied and general log rates.
