topic Why is XP Detection Signature not consistantly tripping? in Automation/API Discussions https://live.paloaltonetworks.com/t5/automation-api-discussions/why-is-xp-detection-signature-not-consistantly-tripping/m-p/34946#M839 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>We have created a custom vulnerability signature to detect XP devices based on identifying the user agent string as described in&nbsp; <A href="https://live.paloaltonetworks.com/docs/DOC-6948">Custom vulnerability signature for identifying Windows XP clients</A> .&nbsp;&nbsp; The issue we are encountering is that the signature by default has an action of alert but in the vulnerability profile there is an exception response of reset-client. The issue we encountering is that the signature action is inconsistant.&nbsp; We are seeing threat log entries with the action of alert as opposed to the anticipated action of reset-client.&nbsp; Any ideas what might be causing this behavior?</P><P></P><P>Any ideas or thoughts would be appreciated.</P><P></P><P>Phil&nbsp;&nbsp; </P></BODY></HTML> Thu, 16 Apr 2015 01:51:14 GMT HITSSEC 2015-04-16T01:51:14Z Why is XP Detection Signature not consistantly tripping? https://live.paloaltonetworks.com/t5/automation-api-discussions/why-is-xp-detection-signature-not-consistantly-tripping/m-p/34946#M839 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>We have created a custom vulnerability signature to detect XP devices based on identifying the user agent string as described in&nbsp; <A href="https://live.paloaltonetworks.com/docs/DOC-6948">Custom vulnerability signature for identifying Windows XP clients</A> .&nbsp;&nbsp; The issue we are encountering is that the signature by default has an action of alert but in the vulnerability profile there is an exception response of reset-client. The issue we encountering is that the signature action is inconsistant.&nbsp; We are seeing threat log entries with the action of alert as opposed to the anticipated action of reset-client.&nbsp; Any ideas what might be causing this behavior?</P><P></P><P>Any ideas or thoughts would be appreciated.</P><P></P><P>Phil&nbsp;&nbsp; </P></BODY></HTML> Thu, 16 Apr 2015 01:51:14 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/why-is-xp-detection-signature-not-consistantly-tripping/m-p/34946#M839 HITSSEC 2015-04-16T01:51:14Z