The Management Pack for Palo Alto creates alerts (and in some cases provides recommended actions) based on various symptoms it detects in your Palo Alto environment. See the table below for the list of alerts available in the Management Pack.

Alerts List

| Name | Description | Symptom | Recommendation |
| --- | --- | --- | --- |
| Application has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
| Application has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
| Application has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
| Next Generation Firewall has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
| Next Generation Firewall has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
| Next Generation Firewall has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
| VSYS has Threat: Critical | This alert indicates that a Critical alert was raised in PaloAltoNetworks. | Threat: Critical | See the Palo Alto threats log for more details. |
| VSYS has Threat: Info | This alert indicates that an Info alert was raised in PaloAltoNetworks. | Threat: Info | See the Palo Alto threats log for more details. |
| VSYS has Threat: Warning | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Threat: Warning | See the Palo Alto threats log for more details. |
| Policy Based Forwarding Table Rule has Next Hop State Event | This alert indicates that a Warning alert was raised in PaloAltoNetworks. | Next Hop State Event | |
| Hardware Interface High Received Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Hardware Interface High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Logical Interface High Received Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Logical Interface High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Physical Port High Received Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Physical Port High Sent Throughput | This alert indicates that a high throughput was detected on this interface. | | If a Policy Based Forwarding Rule is a child of this interface, validate that the rule is appropriate. |
| Logical IP Spoof Attack Occurred | This alert indicates that at least one attack was detected on this interface. | | |
| Logical IP Land Attack Occurred | This alert indicates that at least one attack was detected on this interface. | | |
| Logical IP MAC Attack Occurred | This alert indicates that at least one attack was detected on this interface. | | |
| Logical IP Ping-Of-Death Attack Occurred | This alert indicates that at least one attack was detected on this interface. | | |
| Logical IP Teardrop Attack Occurred | This alert indicates that at least one attack was detected on this interface. | | |
| Next Generation Firewall CPU Average Load Higher than Normal | This alert indicates that the average load is higher than normal on the Firewall's CPU. | | Examine the running processes on the firewall and determine what is causing the high load. |
| Next Generation Firewall CPU Busy | This alert indicates that the CPU Busy value is too high. | | Examine the detailed breakdown of CPU usage on the object and determine why the CPU is busy. |
| Next Generation Firewall CPU Busy | This alert indicates that the CPU Busy value is too high. | | Examine the detailed breakdown of CPU usage on the object and determine why the CPU is busy. |
| Next Generation Firewall Data Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | | |
| Next Generation Firewall Data Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | | |
| Next Generation Firewall CPU Hardware Interrupts | This alert indicates that the CPU Hardware Interrupts value is too high. | | This is often caused by a broken peripheral. Check the environment for a broken peripheral. |
| Next Generation Firewall CPU Hardware Interrupts | This alert indicates that the CPU Hardware Interrupts value is too high. | | This is often caused by a broken peripheral. Check the environment for a broken peripheral. |
| Next Generation Firewall System CPU | This alert indicates that the kernel CPU value is too high. | | This is sometimes acceptable, but if it occurs over a long period of time, it could suggest a problem with the driver or kernel itself. |
| Next Generation Firewall System CPU | This alert indicates that the kernel CPU value is too high. | | This is sometimes acceptable, but if it occurs over a long period of time, it could suggest a problem with the driver or kernel itself. |
| Next Generation Firewall Management Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | | |
| Next Generation Firewall Management Plane Utilization CPU | This alert indicates that the CPU Utilization value is too high. | | |
| Next Generation Firewall CPU User Space Processes Niced | This alert indicates that the User Space Process Niced CPU value is too high. | | This is acceptable if the niceness level of the process causing the spike is greater than 0. If it is less than 0, the process should be examined as it could cause the system to become less responsive. More info on processes can be found through the CLI by running `show system resources`. |
| Next Generation Firewall CPU User Space Processes Niced | This alert indicates that the User Space Process Niced CPU value is too high. | | This is acceptable if the niceness level of the process causing the spike is greater than 0. If it is less than 0, the process should be examined as it could cause the system to become less responsive. More info on processes can be found through the CLI by running `show system resources`. |
| Next Generation Firewall CPU Software Interrupts | This alert indicates that the Software Interrupts CPU value is too high. | | Determine which process is causing the bulk of the software interrupts and determine whether this can be killed or restarted. More info on processes can be found through the CLI by running `show system resources`. |
| Next Generation Firewall CPU Software Interrupts | This alert indicates that the Software Interrupts CPU value is too high. | | Determine which process is causing the bulk of the software interrupts and determine whether this can be killed or restarted. More info on processes can be found through the CLI by running `show system resources`. |
| Next Generation Firewall CPU Stolen | This alert indicates that the CPU Stolen value is too high. | | Check the hypervisor for other virtual machines that are using a lot of CPU and remedy them, or move to another host. |
| Next Generation Firewall CPU Stolen | This alert indicates that the CPU Stolen value is too high. | | Check the hypervisor for other virtual machines that are using a lot of CPU and remedy them, or move to another host. |
| Next Generation Firewall User Space Processes CPU | This alert indicates that the CPU Stolen value is too high. | | Check for processes using too much CPU. This can be done through the CLI by running `show system resources`. Determine whether this process is safe to restart or kill. |
| Next Generation Firewall User Space Processes CPU | This alert indicates that the CPU Stolen value is too high. | | Check for processes using too much CPU. This can be done through the CLI by running `show system resources`. Determine whether this process is safe to restart or kill. |
| Next Generation Firewall CPU Wait | This alert indicates that the CPU Wait value is too high. | | If this occurs consistently, it could indicate a problem with the hard disk. If intermittent, it could mean that many I/O tasks are running which do not require a great amount of CPU time. |
| Next Generation Firewall CPU Wait | This alert indicates that the CPU Wait value is too high. | | If this occurs consistently, it could indicate a problem with the hard disk. If intermittent, it could mean that many I/O tasks are running which do not require a great amount of CPU time. |
| Next Generation Firewall has High Availability Compatibility: Info | This alert indicates that an Info High Availability Configuration alert was raised in the firewall. | High Availability Compatibility: Info | See symptom for more info about the configuration mismatch. |
| Next Generation Firewall has High Availability Failover: Warning | This alert indicates that a Warning alert was raised on the firewall due to failover. | High Availability Failover: Warning | |
| Next Generation Firewall Fan has Raised an Alarm | This alert indicates that a fan has raised an alert. | Fan Alarm: Warning | See symptom for more info. |
| Next Generation Firewall Thermal Sensor has Raised an Alarm | This alert indicates that a thermal sensor has raised an alert. | Thermal Alarm: Warning | See symptom for more info. |
| Next Generation Firewall Power Rail has Raised an Alarm | This alert indicates that a power rail has raised an alert. | Power Rail Alarm: Warning | See symptom for more info. |