Test that a Threat Signature is Enabled?

kamorris — Thu, 20 Dec 2018 19:44:23 GMT

Hello,

Is there a way of testing if a specific Threat Signature is enabled? I recently automated critical threat signatures. both vulnerabilities and anti-spyware, to be set to reset-both, but I want to make sure it is working and the new critical signatures are indeed enabled and ready to reset-both. I have done some random searches and haven't been able to find one that has been hit and I really don't want to take the wait and see approach here. Thoughts?

Kim

Re: Test that a Threat Signature is Enabled?

mivaldi — Thu, 20 Dec 2018 19:55:50 GMT

The best way to test it would be to run a pentest. Obtain the proof of concept (PoC) and run the exploit through the box. If it doesn't fire, that would be a great false negative finding and you should report it, providing a full client packet capture and details on the PoC to Palo Alto Networks Support, to review how the signature needs to be improved.

topic Test that a Threat Signature is Enabled? in Advanced Threat Prevention Discussions

Test that a Threat Signature is Enabled?

Re: Test that a Threat Signature is Enabled?