The botnet report enables you to use behavior-based mechanisms to identify potential malware- and botnet-infected hosts in your network. The report assigns each host a confidence score of 1 to 5 to indicate the likelihood of botnet infection, where 5 indicates the highest likelihood. Before scheduling the report or running it on demand, you must configure it to identify types of traffic as suspicious. The PAN-OS Administrator’s Guide provides details on interpreting botnet report output.
Before generating the botnet report, you must specify the types of traffic that indicate potential botnet activity (see Configuring the Botnet Report). To schedule a daily report or run it on demand, click and complete the following fields. To export a report, select it and Export to PDF, Export to CSV, or Export to XML.
To specify the types of traffic that indicate potential botnet activity, click on the right side of the page and complete the following fields. After configuring the report, you can run it on demand or schedule it to run daily (see Monitor > PDF Reports > Manage PDF Summary).
|Botnet Configuration Setting|Description|