A root cause analysis investigation into a recent security incident reveals that several decryption rules have been disabled. The security team wants to generate email alerts when decryption rules are changed.
How should email log forwarding be configured to achieve this goal?
To generate email alerts when decryption rules are changed, the relevant configuration log filter should be set inside Device > Log Settings. Configuration logs are related to changes in device settings, such as enabling or disabling decryption rules. Setting up log filters in the configuration log settings will allow the system to trigger email alerts for these types of changes.
B. Config related logs are generated by the management plane, hence in the device section
B. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/configure-email-alerts
Log forwarding does not seem possible for configuration logs. Does show up at Device > Log Settings, so answer B.