This tutorial shows how automated actions can be taken by a Palo Alto Networks firewall in response to any log entry using the (PAN-OS 8+) Auto-Tagging feature. In this video you will see how Auto-Tagging can quarantine a host which has been sinkholed by the AntiSpyware security profile. Typically a host would be sinkholed if it made a DNS query for a domain known to be malicious. Although possible that a user would accidentally perform a DNS lookup of a malicious domain, it is more likely that the DNS request is the result of a malware infection. This video shows how to use the following Palo Alto Networks firewall features to quarantine, notify and enable un-quarantine activities without burdening the firewall operators:
Auto-Tagging
Log Forwarding Profile
Anti-Spyware Security Profile
DNS Sinkhole
Dynamic Address Groups
URL Filtering