When generating custom reports on a Palo Alto Networks firewall, the administrator must first select the underlying database that the report will query. The firewall maintains two primary types of databases for reporting:Summary DatabasesandDetailed Logs. The Summary Databases aggregate data every 15 minutes for faster report generation, whereas Detailed Logs provide a granular look at every single event.
The valid databases available for custom reports include:
Summary Databases:Traffic, Threat, URL Filtering, Application Statistics, and Tunnel Inspection.
Detailed Logs:Traffic, Threat, URL Filtering, WildFire Submissions, Data Filtering, HIP Match, GlobalProtect, IP-Tag, User-ID, Decryption, Tunnel, Authentication, and SCTP.
OptionAis the correct answer because all four components (Threat, URL Filtering, WildFire Submissions, and GlobalProtect) are distinct, valid database types that can be selected from the "Database" dropdown menu in the Custom Report configuration (found underMonitor > Manage Custom Reports > Add).
Option B is also composed of valid databases; however, in the context of Palo Alto Networks certification objectives, Option A is typically the highlighted set for demonstrating visibility into security-related network events. Option C is incorrect because "Endpoint Security" is not a valid database name in the firewall’s reporting engine (the firewall uses "HIP Match" for host information). Option D is incorrect because the "Config" and "System" logs are generally viewed through the standard Log Viewer and are not available as source databases for the Custom Report builder, nor is there a "Session Flow" database in this context.
