https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/150754#M4 <P>Thinking through it as&nbsp;I read back my own post. Is the rule I created applicable to my objective?</P><P>&nbsp;</P><P><FONT color="#ff0000"><STRONG>My Objective</STRONG></FONT>:</P><P><FONT color="#0000ff">Instead of me “manually” changing the default action for all “Critical” severity signatures as they&nbsp;are delivered by Palo Alto&nbsp;, I want a rule to do this for me automatically. Meaning, once a Signature update arrives (Vulnerability signature), all those that are “Critical” should have an Action of Drop, since I already set a rule that is applied in my Vulnerability profile. </FONT></P><P>&nbsp;</P><P>Or this rule is more on the "Threat" as it comes in, and not on the "Vulnerability Signature"? Sorry for branching out my question, I just want to nail this down really hard. Thanks again.</P><P>&nbsp;</P> Mon, 03 Apr 2017 06:21:01 GMT Eugene_Alejandro 2017-04-03T06:21:01Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/150753#M3 <P><STRONG>Hello Everyone,</STRONG></P><P>I am quite new to PA, so i would need your suggestion about this.</P><P>I created a Vulnerability Protection Rule wherein my goal is once a Signature update arrives (Vulnerability signature), all those that are “Critical” would have an automatic Action of <STRONG>Drop.</STRONG>&nbsp;And that&nbsp;I dont need to manually set the action for "Critical" threat one-by-one inside the "Exceptions" tab.<STRONG>&nbsp;</STRONG>Here's the rule i created.</P><P>&nbsp;</P><P><STRONG><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CriticalVulnerability.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/8603iE3C767C07A4CD06D/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="CriticalVulnerability.jpg" alt="CriticalVulnerability.jpg" /></span></STRONG></P><P>&nbsp;</P><P>Can you please advise if there is a custom report that I can set or a section where i can see the running "hits" for this rule? Just like how the Logs in the "Monitoring" tab display the running traffic, threats, etc etc.</P><P>&nbsp;</P><P>Thank you very much!!</P> Mon, 03 Apr 2017 03:27:03 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/150753#M3 Eugene_Alejandro 2017-04-03T03:27:03Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/150754#M4 <P>Thinking through it as&nbsp;I read back my own post. Is the rule I created applicable to my objective?</P><P>&nbsp;</P><P><FONT color="#ff0000"><STRONG>My Objective</STRONG></FONT>:</P><P><FONT color="#0000ff">Instead of me “manually” changing the default action for all “Critical” severity signatures as they&nbsp;are delivered by Palo Alto&nbsp;, I want a rule to do this for me automatically. Meaning, once a Signature update arrives (Vulnerability signature), all those that are “Critical” should have an Action of Drop, since I already set a rule that is applied in my Vulnerability profile. </FONT></P><P>&nbsp;</P><P>Or this rule is more on the "Threat" as it comes in, and not on the "Vulnerability Signature"? Sorry for branching out my question, I just want to nail this down really hard. Thanks again.</P><P>&nbsp;</P> Mon, 03 Apr 2017 06:21:01 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/150754#M4 Eugene_Alejandro 2017-04-03T06:21:01Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/160266#M18 If you look at the threat windows under monitor you can you can filter for ( subtype eq vulnerability ) once you have that filtered if you know what rule(s) the vulnerability profile is set to you can then click on the magnifier on the left and look at the details to get more information about the Threat Name that was blocked and the severity. Or depending on the version you are on you could look under the ACC Tab and check the Threat activity and filter by the critical severity and see the rule/count there. I hope that helps if not let me know. Thu, 08 Jun 2017 19:07:47 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/how-to-view-the-quot-hits-quot-of-my-vulnerability-protection/m-p/160266#M18 murphyj 2017-06-08T19:07:47Z