https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/452810#M1415 <P>Hello All,</P><P>After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.</P><P>We have about 300 policies in the our firewall so no idea how to create a block and apply it .</P><P>Can anybody give me any pointers ?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Dec 2021 12:37:36 GMT Scott64 2021-12-13T12:37:36Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/452810#M1415 <P>Hello All,</P><P>After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.</P><P>We have about 300 policies in the our firewall so no idea how to create a block and apply it .</P><P>Can anybody give me any pointers ?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 13 Dec 2021 12:37:36 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/452810#M1415 Scott64 2021-12-13T12:37:36Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/453290#M1422 <P>You need to do it by applying vulnerability security profile to each policy, or edit the security profiles you already applied to the security rules.</P><P>&nbsp;</P><P>But, the default action of log4j vulnerability signatures are "reset-server" and severity are critical:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Sample_Wu_0-1639537778768.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38152i0F583561A4C8FCFC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Sample_Wu_0-1639537778768.png" alt="Sample_Wu_0-1639537778768.png" /></span></P><P>&nbsp;</P><P>You just need to make sure the rule in each security profile is included severity critical and action is default or other suitable type, as below screenshot of the default profile:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Sample_Wu_1-1639537997579.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38153i2C20A6A7FE4385A7/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Sample_Wu_1-1639537997579.png" alt="Sample_Wu_1-1639537997579.png" /></span></P><P>&nbsp;</P><P>just provide me thought for you as a reference.</P><P>&nbsp;</P><P>Regards,</P><P>Sample</P><P>&nbsp;</P> Wed, 15 Dec 2021 03:14:02 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/453290#M1422 Sample_Wu 2021-12-15T03:14:02Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/453347#M1423 <P>Hi - Thanks for that&nbsp; - I have created what I hope is correct.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture0.PNG" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38158iD75BB4D1DBDC7BB7/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Capture0.PNG" alt="Capture0.PNG" /></span></P><P>&nbsp;</P><P> </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture1.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38159i32BABFBEBC79DFAC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Capture1.png" alt="Capture1.png" /></span></P><P> Regards</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 15 Dec 2021 11:32:41 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/453347#M1423 Scott64 2021-12-15T11:32:41Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/465822#M1500 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/139060">@Scott64</a>&nbsp;wrote:<BR /><P>Hello All,</P><P>After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.</P><P>We have about 300 policies in the our firewall so no idea how to create a block and apply it .</P><P>Can anybody give me any pointers ?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>Upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later).</P><P>In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.</P><P>Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.</P><P>Also note that Apache Log4j is the only Logging Services subproject affected by this vulnerability. Other projects like Log4net and Log4cxx are not impacted by this.</P><P>&nbsp;</P> Tue, 15 Feb 2022 09:46:24 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/block-on-app-id-apache-log4j/m-p/465822#M1500 Kuhic567 2022-02-15T09:46:24Z