Manage real-time monitoring

When real-time monitoring is activated, AFA periodically checks devices for changes. For more details, see Monitored Content.

To view the most recent changes or changes for a specific period of time, see Viewing Real-Time Monitoring Results.

To configure users to receive e-mail notifications when changes are detected, see Configure event-triggered notifications.

To activate real time monitoring, see Configure real-time monitoring.

This section explains real-time monitoring results, and how to view the results.

Viewing Real-Time Monitoring Results

You can view the changes detected for individual devices, groups, or matrices. Changes can be viewed in either of the following formats:

• List of recent changes (from the last 30 days, by default). For details, see Viewing List of Recent Changes.
• Summary of changes over a specific period of time. For details, see Viewing Summaries of Changes for a Specified Period of Time.

Viewing List of Recent Changes

To view a list of recent changes for a device, group or matrix:

1. View the desired device, group, or matrix. For details, see View AFA device data, View AFA group data, and View AFA matrix data.

2. If the Changes tab is not selected, click the Changes tab.

   The Changes tab appears, displaying a list of recent changes for the selected device, group, or matrix.

   

   For information on the list's fields, see the table below.

3. To filter the information displayed in the list, do the following:
   1. To filter by date, click the field displaying the date range, and select a time period in the calendar which appears. You can select a beginning and end date, or you can select one of the relative options, such as This month.
   2. To filter by device, in the Device field, type the name of the desired device. This field is not relevant for individual devices.
   3. To filter by administrator who performed the change, in the Changed by field, type the administrator's username.

   4. Press Enter.

      The changes are filtered according to the specified parameters.

4. To view a summary of all changes that occurred at a specific instance, do the following:

   1. Hover over a change that occurred at the desired time.

      appears in the row.

   2. Click the icon.

      The Changes Summary Report for the desired instance opens in a new tab.

Changes List Fields

This field...	Displays...
Device	The device on which the change occurred. This field is not relevant for individual devices.
Date and Time	The date and time at which the change occurred.
Changed by	The administrator who performed the change.
Summary	A summary of device items affected by the change.

Viewing Summaries of Changes for a Specified Period of Time

To view a summary of changes for a specified period of time:

1. View the desired device, group, or matrix. For details, see View AFA device data, View AFA group data, and View AFA matrix data.

2. If the Changes tab is not selected, click the Changes tab.

   The Changes tab appears, displaying a list of recent changes for the selected device, group, or matrix.

3. Click the field displaying the date range.

   A calendar appears.

4. Do one of the following:
   • Select a start date, select and an end date, and then click Apply.
   • Select one of the relative time frame options, such as Last 7 Days or This month.

5. Click View changes summary.

   The Changes Summary Report opens in a new tab.

   

6. To export the summary to :

   • a PDF file, click . For more details, see Export AFA screens to PDF.

   • an XLS file, click .

Monitored Content

The change monitoring support for each device brand varies:

• All monitoring devices are monitored for any changes to the full configuration of the device.
• All devices which support full analyses / report generation are monitored for changes to the following:
  • Policy rules
  • Network object definitions
  • Service object definitions
  • Device topology
  • Audit logs
  • Full configuration (not for Check Point)
• For Palo Alto devices, URL categories are monitored as part of the rule change.
• For Check Point devices, the following items are additionally monitored:
  • User groups
  • Users
  • VPN communities
  • Global properties
  • NAT rules
  • Application Control Rules
  • Configuration of policy installation
• For cloud devices (such as Amazon Web Services and Microsoft Azure), the following specific items are monitored:
  • For the user account/subscription tier:
    • Aggregated changes in rules/risks/configuration
  • For the Region and VNet/VPC tier:
    • Addition/removal/modification of security sets
    • Aggregated changes in rules/risks/configuration/topology
  • For the security set tier:
    • Additional/removal of instances/ALBs/VMs
    • Changes in rules in security groups/network security groups and network ACLs/subnet network security groups
    • Addition/removal of security groups/network security groups and network ACLs/subnet network security groups

For more information about the different tiers in the device tree for cloud devices, see Device data for cloud devices.