Palo Alto Traps Overview

Overview

Palo Alto Traps advanced endpoint protection stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyberattacks. Traps stands apart in its ability to protect endpoints. It blocks security breaches and successful ransomware attacks that leverage malware and exploits, known or unknown, before they can compromise endpoints.

EventTracker is an enterprise-class platform that seamlessly combines SIEM, log management, threat detection and so forth.

EventTracker Knowledge Pack for Palo Alto Traps allows you to monitor the following components:

- Security: Threat detection.
- Operation: Agent activity and system activity.
- Compliance: User logons, policy changes and ESM configuration changes.

Once Palo Alto Traps is configured to deliver events to EventTracker Manager, alerts, dashboards and reports can be configured in EventTracker. Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.

Security

Alerts

- Palo Alto Traps: Threats detected: This alert is generated when any threat is detected.

Reports

- Palo Alto Traps- Threats detected: This report gives information about all the threats that are detected by Palo Alto Traps.

Operation

Alerts

- Palo Alto Traps: Critical agent activity: This alert is generated when any critical agent activity occurs.
- Palo Alto Traps: Critical license usage: This alert is generated when any critical license is used.

Reports

- Palo Alto Traps- Agent status: This report gives information about agent status, such as client license invalid, client license request, enabled protection and so on.
- Palo Alto Traps- Agent activities: This report gives information about all the agent activities, such as agent content update, agent policy change and so on.
- Palo Alto Traps- ESM system activities: This report gives information about all the system activities, such as archived preventions, archived preventions failure, file upload failure and so on.

Compliance

Alerts

- Palo Alto Traps: User logins: This alert is generated when any user logon occurs.
- Palo Alto Traps: Policy changed: This alert is generated when any policy is changed.

Reports

- Palo Alto Traps- ESM user logon activities: This report gives information about all the user logon activities.
- Palo Alto Traps- ESM configuration changes: This report gives information about all the ESM configuration changes that are made.
- Palo Alto Traps- ESM policy changes: This report gives information about all the ESM policy changes that are made.

Scope

The configurations detailed in this guide are consistent with EventTracker version 8.x and later, and Palo Alto Traps.

Documentation

For more information, please refer to the Palo Alto Traps Integration guide.