IntegralDefense / ACE

Analysis Correlation Engine
Apache License 2.0

Alert correlation between a Snort alert and a Palo Alto log #230

Closed choliday closed 5 years ago

choliday commented 5 years ago

Alert correlation between a Snort alert and a Palo Alto log using timestamp, source IP address, destination IP address, and source port. This can be used to validate whether a Snort alert can be dispositioned as weaponization or further research is required. Example Snort alert: https://ace.local/saq/analysis?direct=2b1c3919-279e-445c-8125-f1a5b78cb7f5
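One way to implement the correlation described in this issue, as an added example that is not part of the issue or of the ACE code base: the Snort fast-format alert line and the Palo Alto records are constructed, and the log field names, the year passed to the parser and the 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed Snort "alert_fast" line for this example (not the alert linked in the issue).
SNORT_ALERT = ("09/12-14:33:02.123456  [**] [1:2000001:1] EXAMPLE outbound beacon [**] "
               "[Priority: 2] {TCP} 10.1.2.3:51234 -> 203.0.113.5:443")

# Constructed Palo Alto traffic-log records, already parsed into dicts. The field
# names are an assumption for this example, not the PAN-OS CSV column names.
PALO_LOGS = [
    {"time": "2019/09/12 14:32:40", "src": "10.1.2.3", "dst": "203.0.113.5",
     "sport": 51234, "dport": 443, "action": "allow", "bytes": 18342},
    {"time": "2019/09/12 14:33:05", "src": "10.1.2.3", "dst": "203.0.113.5",
     "sport": 51234, "dport": 443, "action": "deny", "bytes": 0},
    {"time": "2019/09/12 14:33:03", "src": "10.1.2.9", "dst": "203.0.113.5",
     "sport": 51234, "dport": 443, "action": "allow", "bytes": 900},   # different source host
    {"time": "2019/09/12 16:10:00", "src": "10.1.2.3", "dst": "203.0.113.5",
     "sport": 51234, "dport": 443, "action": "allow", "bytes": 2000},  # same tuple, hours later
]

ALERT_RE = re.compile(
    r"^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.(\d{6})\s.*\{(\w+)\}\s+"
    r"(\S+):(\d+)\s+->\s+(\S+):(\d+)$")

def parse_snort_alert(line, year):
    """Extract the timestamp and 5-tuple from a Snort fast-format alert line.
    The fast format carries no year, so the caller has to supply it."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError("not a Snort fast-format alert: %r" % line)
    mon, day, hh, mm, ss, usec, proto, src, sport, dst, dport = m.groups()
    ts = datetime(year, int(mon), int(day), int(hh), int(mm), int(ss), int(usec))
    return {"time": ts, "proto": proto, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}

def correlate(alert, logs, window_seconds=60):
    """Return firewall records that match the alert on source IP, destination IP
    and source port and fall within +/- window_seconds of the alert timestamp,
    nearest in time first. The source port separates this flow from other
    connections between the same two hosts; the window excludes unrelated
    reuse of the same port later in the day."""
    window = timedelta(seconds=window_seconds)
    key = (alert["src"], alert["dst"], alert["sport"])
    hits = []
    for rec in logs:
        if (rec["src"], rec["dst"], rec["sport"]) != key:
            continue
        delta = abs(datetime.strptime(rec["time"], "%Y/%m/%d %H:%M:%S") - alert["time"])
        if delta <= window:
            hits.append((delta, rec))
    hits.sort(key=lambda h: h[0])
    return [rec for _, rec in hits]
```

The firewall action on the matched record (allow versus deny) is what tells the analyst whether the flow the Snort sensor saw actually reached its destination.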

unixfreak0037 commented 5 years ago

Forgot I did this. :-)