Change the Brute Force Trigger Criteria

Created On 09/26/18 13:44 PM - Last Modified 04/08/24 14:36 PM


Environment


  • PA Firewalls
  • All PAN-OS releases with a Vulnerability Protection profile.


Cause


  • The default trigger value needs to be changed to match company policy.


Resolution


Overview

This document describes how to view and edit the default number of attempts required to trigger a brute force signature for traffic passing through the Palo Alto Networks firewall.

 

Steps

  1. Open the Vulnerability Protection profile: go to Objects > Security Profiles > Vulnerability Protection
  2. Open the Exceptions tab
  3. Click on Show All Signatures
  4. Type in "brute force" or the Threat ID in the search field
  5. Click on the pencil icon next to the signature name to customize
  6. After making the customization, click the Enable check box to enable the signature
    [Screenshots]
  7. Edit the Time Attributes, as desired. The Aggregation Criteria can be Source, Destination, or Source-and-Destination.
  8. Commit the changes

IMPORTANT NOTE:  The "Action" configured under "Exceptions" will take precedence over the action configured under "Rules" in the Vulnerability Protection profile. In the above screenshot, we can see that the action is "alert" and that's the action that'll be taken when this signature is triggered.
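To see how the Time Attributes and Aggregation Criteria from step 7 interact before committing a change, the following added example (not Palo Alto Networks code, and not the firewall's actual implementation) models a hit counter over constructed traffic. The names `hits`, `seconds` and `brute_force_triggers`, the sliding-window behaviour and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Key each Aggregation Criteria option from step 7 counts hits against.
AGGREGATION_KEYS = {
    "source": lambda src, dst: (src,),
    "destination": lambda src, dst: (dst,),
    "source-and-destination": lambda src, dst: (src, dst),
}

def brute_force_triggers(events, hits, seconds, aggregation):
    """Return [(timestamp, key)] for every point the threshold is reached.

    events: time-sorted (timestamp_seconds, src_ip, dst_ip) tuples, one per
    matching event such as a failed login.
    Assumption of this model: sliding window, counter cleared after firing.
    """
    key_of = AGGREGATION_KEYS[aggregation]
    windows = defaultdict(deque)
    fired = []
    for ts, src, dst in events:
        window = windows[key_of(src, dst)]
        window.append(ts)
        while ts - window[0] >= seconds:  # drop hits older than the window
            window.popleft()
        if len(window) >= hits:
            fired.append((ts, key_of(src, dst)))
            window.clear()
    return fired

# Constructed sample traffic (documentation address ranges, not real data).
SAMPLE_EVENTS = (
    # One source spreading 10 failures over 5 servers, 2 per server.
    [(t, "198.51.100.7", f"10.0.0.{1 + t % 5}") for t in range(10)]
    # One source sending 10 failures to a single server.
    + [(100 + t, "203.0.113.9", "10.0.0.20") for t in range(10)]
    # Ten different users each failing once against the same server.
    + [(200 + t, f"192.0.2.{1 + t}", "10.0.0.30") for t in range(10)]
)

def compare(hits=10, seconds=60):
    """Run the same traffic through all three aggregation criteria."""
    return {name: brute_force_triggers(SAMPLE_EVENTS, hits, seconds, name)
            for name in AGGREGATION_KEYS}

if __name__ == "__main__":
    for name, fired in compare().items():
        print(f"{name:24} {fired}")
```

In this model, with 10 hits in 60 seconds, Source is the only setting that fires on the one-to-many pattern, Destination also fires on ten unrelated users who each fail once against a shared server, and Source-and-Destination fires only on the single source and server pair.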



Additional Information


The list of brute force vulnerabilities is found in the following reference document: Brute Force Signature and Related Trigger Conditions


