The Management Pack for Palo Alto creates alerts (and in some cases provides recommended actions) based on various symptoms it detects in your Palo Alto Environment. See the table below for the list of alerts available in the Management Pack.
Alerts List
Name | Description | Symptom | Recommendation |
---|---|---|---|
Application has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
Application has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
Application has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
Next Generation Firewall has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
Next Generation Firewall has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
Next Generation Firewall has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
VSYS has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
VSYS has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
VSYS has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
Policy Based Forwarding Table Rule has Next Hop State Event | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Next Hop State Event | |
Hardware Interface High Received Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Hardware Interface High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Logical Interface High Received Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Logical Interface High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Physical Port High Received Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Physical Port High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. | |
Logical IP Spoof Attack Occurred | This alert indicates that at least one attack was detected on this interface. | ||
Logical IP Land Attack Occurred | This alert indicates that at least one attack was detected on this interface. | ||
Logical IP MAC Attack Occurred | This alert indicates that at least one attack was detected on this interface. | ||
Logical IP Ping-Of-Death Attack Occurred | This alert indicates that at least one attack was detected on this interface. | ||
Logical IP Teardrop Attack Occurred | This alert indicates that at least one attack was detected on this interface. | ||
Next Generation Firewall CPU Average Load Higher than Normal | This alert indicates that the average load is higher than normal on the Firewall's CPU. | Examine the running processes on the firewall and determine what is causing the high load. | |
Next Generation Firewall CPU Busy | This alert indicates that the CPU Busy value is too high. | Examine the detailed breakdown of CPU usage on the object and determine why the CPU is busy. | |
Next Generation Firewall CPU Busy | This alert indicates that the CPU Busy value is too high. | Examine the detailed breakdown of CPU usage on the object and determine why the CPU is busy. | |
Next Generation Firewall Data Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | ||
Next Generation Firewall Data Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | ||
Next Generation Firewall CPU Hardware Interrupts | This alert indicates that the CPU Hardware Interrupts value is too high. | This is often caused by a broken peripheral. Check the environment for a broken peripheral. | |
Next Generation Firewall CPU Hardware Interrupts | This alert indicates that the CPU Hardware Interrupts value is too high. | This is often caused by a broken peripheral. Check the environment for a broken peripheral. | |
Next Generation Firewall System CPU | This alert indicates that the kernel CPU value is too high. | This is sometimes acceptable, but if it occurs over a long period of time, it could suggest a problem with the driver or kernel itself. | |
Next Generation Firewall System CPU | This alert indicates that the kernel CPU value is too high. | This is sometimes acceptable, but if it occurs over a long period of time, it could suggest a problem with the driver or kernel itself. | |
Next Generation Firewall Management Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | ||
Next Generation Firewall Management Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | ||
Next Generation Firewall CPU User Space Processes Niced | This alert indicates that the User Space Process Niced CPU value is too high. | This is acceptable if the niceness level of the process causing the spike is greater than 0. If it is less than 0, the process should be examined as it could cause the system to become less responsive. More info on processes can be found through the CLI by running `show system resources`. | |
Next Generation Firewall CPU User Space Processes Niced | This alert indicates that the User Space Process Niced CPU value is too high. | This is acceptable if the niceness level of the process causing the spike is greater than 0. If it is less than 0, the process should be examined as it could cause the system to become less responsive. More info on processes can be found through the CLI by running `show system resources`. | |
Next Generation Firewall CPU Software Interrupts | This alert indicates that the Software Interrupts CPU value is too high. | Determine which process is causing the bulk of the software interrupts and determine whether this can be killed or restarted. More info on processes can be found through the CLI by running `show system resources`. | |
Next Generation Firewall CPU Software Interrupts | This alert indicates that the Software Interrupts CPU value is too high. | Determine which process is causing the bulk of the software interrupts and determine whether this can be killed or restarted. More info on processes can be found through the CLI by running `show system resources`. | |
Next Generation Firewall CPU Stolen | This alert indicates that the CPU Stolen value is too high. | Check the hypervisor for other virtual machines that are using a lot of CPU and remedy them, or move to another host. | |
Next Generation Firewall CPU Stolen | This alert indicates that the CPU Stolen value is too high. | Check the hypervisor for other virtual machines that are using a lot of CPU and remedy them, or move to another host. | |
Next Generation Firewall User Space Processes CPU | This alert indicates that the CPU Stolen value is too high. | Check for processes using too much CPU. This can be done through the CLI by running `show system resources`. Determine whether this process is safe to restart or kill. | |
Next Generation Firewall User Space Processes CPU | This alert indicates that the CPU Stolen value is too high. | Check for processes using too much CPU. This can be done through the CLI by running `show system resources`. Determine whether this process is safe to restart or kill. | |
Next Generation Firewall CPU Wait | This alert indicates that the CPU Wait value is too high. | If this occurs consistently, it could indicate a problem with the hard disk. If intermittent, it could mean that many I/O tasks are running which do not require a great amount of CPU time. | |
Next Generation Firewall CPU Wait | This alert indicates that the CPU Wait value is too high. | If this occurs consistently, it could indicate a problem with the hard disk. If intermittent, it could mean that many I/O tasks are running which do not require a great amount of CPU time. | |
Next Generation Firewall has High Availability Compatibility: Info | This alert indicates that an Info High Availability Configuration alert was raised in the firewall. | High Availability Compatibility: Info | See symptom for more info about the configuration mismatch. |
Next Generation Firewall has High Availability Failover: Warning | This alert indicates that a Warning alert was raised on the firewall due to failover. | High Availability Failover: Warning | |
Next Generation Firewall Fan has Raised an Alarm | This alert indicates that a fan has raised an alert. | Fan Alarm: Warning | See symptom for more info. |
Next Generation Firewall Thermal Sensor has Raised an Alarm | This alert indicates that a thermal sensor has raised an alert. | Thermal Alarm: Warning | See symptom for more info. |
Next Generation Firewall Power Rail has Raised an Alarm | This alert indicates that a power rail has raised an alert. | Power Rail Alarm: Warning | See symptom for more info. |