What must be configured to apply tags automatically based on User-ID logs?
What must be configured to apply tags automatically based on User-ID logs?
To apply tags automatically based on User-ID logs, you must configure the log settings. This involves setting up how the firewall or Panorama handles User-ID logs to enable appropriate tagging actions. Log Forwarding profiles are used for other types of logs, such as Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, but not for User-ID logs.
Must be B. "For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings."
B is correct For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile. For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings.
Must be B : https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
B is correct. Set up for forwarding any management traffic logs such as User-ID, configuration logs, system logs, IP-Tag logs, GlobalProtect logs is under Device --> Log Settings, not under Objects --> Log Forwarding profile. Objects --> Log Forwarding profile is used for forwarding of data plane traffic logs (don't confuse which plane handles logging...logging and reporting is always handled by management plane, here I'm talking about type of traffic, whether it's data plane traffic or management plane traffic). So Log Forwarding profile under Objects is used to set up log forwarding for traffic logs, threat logs, wildfire logs etc.
"For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings." https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
This question was on exam in June 24.
"D" - Correct Answer Step-1 Depending on the type of log you want to use for tagging, create a log forwarding profile or configure the log settings to define how you want the firewall or Panorama to handle logs. For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile. For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/use-auto-tagging-to-automate-security-actions
It's not a very well-worded question, but the answer is B. As you posted, "For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings." The question is about User-ID, so the answer is "log settings". To see what they are talking about, I looked at Device/Log Settings. This has a bunch of sections including one called "User-ID". In there is a pane entitled "Built-in Actions". If you click "Add", you can give the action a name, set the action to "add tag", and select a tag. I made a screencap: https://imgur.com/gallery/oSnvqpV
Hi ChiaPet75, referring the link you provide and reading the question carefully the correct answer is B configuring a log setting as it is clearly stated on the second bullet.
Depending on the type of log you want to use for tagging, create a log forwarding profile or configure the log settings to define how you want the firewall or Panorama to handle logs. For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile. For User-ID, GlobalProtect, and IP-Tag logs, configure the log settings.
It's B
Only B is correct
Ans: B
B is correct