topic Re: Status of a given threat signature? in Advanced Threat Prevention Discussions https://live.paloaltonetworks.com/t5/advanced-threat-prevention/status-of-a-given-threat-signature/m-p/452754#M1413 <P>Thank you for posting question&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37508">@JimMcGrady</a>&nbsp;</P><P>&nbsp;</P><P>If signature is getting hit, you can check it in the Threat Log under: Monitor &gt; Logs &gt; Threat. You can narrow down to specific signature by this filter:&nbsp;( threatid eq &lt;signature ID&gt;).</P><P>&nbsp;</P><P>In order to check signature itself from Firewall navigate to: Objects &gt; Security Profiles &gt; AntiSpyware &gt; [Profile Name] &gt; Exceptions (Click: "Show All signatures"). You can filter the output to specific signature:&nbsp;( id eq 'Sugnature ID' ). From here you can see default signature action under: "Action". If there is a rule that is overriding default signature action, you will see it under: "Rule".</P><P>You can use the same way to check Vulnerability Signatures.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Mon, 13 Dec 2021 01:27:24 GMT PavelK 2021-12-13T01:27:24Z Status of a given threat signature? https://live.paloaltonetworks.com/t5/advanced-threat-prevention/status-of-a-given-threat-signature/m-p/452740#M1412 <P>I'm running a 9.1 firewall with threat protection and wildfire. How do i check that a specific threat signature is turned on and blocking?</P> Mon, 13 Dec 2021 00:47:26 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/status-of-a-given-threat-signature/m-p/452740#M1412 JimMcGrady 2021-12-13T00:47:26Z Re: Status of a given threat signature? https://live.paloaltonetworks.com/t5/advanced-threat-prevention/status-of-a-given-threat-signature/m-p/452754#M1413 <P>Thank you for posting question&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/37508">@JimMcGrady</a>&nbsp;</P><P>&nbsp;</P><P>If signature is getting hit, you can check it in the Threat Log under: Monitor &gt; Logs &gt; Threat. You can narrow down to specific signature by this filter:&nbsp;( threatid eq &lt;signature ID&gt;).</P><P>&nbsp;</P><P>In order to check signature itself from Firewall navigate to: Objects &gt; Security Profiles &gt; AntiSpyware &gt; [Profile Name] &gt; Exceptions (Click: "Show All signatures"). You can filter the output to specific signature:&nbsp;( id eq 'Sugnature ID' ). From here you can see default signature action under: "Action". If there is a rule that is overriding default signature action, you will see it under: "Rule".</P><P>You can use the same way to check Vulnerability Signatures.</P><P>&nbsp;</P><P>Kind Regards</P><P>Pavel</P> Mon, 13 Dec 2021 01:27:24 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/status-of-a-given-threat-signature/m-p/452754#M1413 PavelK 2021-12-13T01:27:24Z