topic why hacktool vulnerability is set to medium action alert? in General Topics https://live.paloaltonetworks.com/t5/general-topics/why-hacktool-vulnerability-is-set-to-medium-action-alert/m-p/454253#M101443 <P>Hello,</P><P>I've been looking a history entries in our threat log and it seems to me that most of the default settings for vulnerabilities - "action" are set to low, for example to "alert" - although they classify the threat as "medium" or "high". For example in the screenshot below the threat of this hacktool is set to "alert". Shouldn't this be a set at east to a drop\reset, etc or something that doesn't allow it? What's Palo's thinking behind this?</P><P>Thanks.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture11.JPG" style="width: 364px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38223i7A75B481607D9F04/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Capture11.JPG" alt="Capture11.JPG" /></span></P> Sun, 19 Dec 2021 19:43:15 GMT roma 2021-12-19T19:43:15Z why hacktool vulnerability is set to medium action alert? https://live.paloaltonetworks.com/t5/general-topics/why-hacktool-vulnerability-is-set-to-medium-action-alert/m-p/454253#M101443 <P>Hello,</P><P>I've been looking a history entries in our threat log and it seems to me that most of the default settings for vulnerabilities - "action" are set to low, for example to "alert" - although they classify the threat as "medium" or "high". For example in the screenshot below the threat of this hacktool is set to "alert". Shouldn't this be a set at east to a drop\reset, etc or something that doesn't allow it? What's Palo's thinking behind this?</P><P>Thanks.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Capture11.JPG" style="width: 364px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38223i7A75B481607D9F04/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Capture11.JPG" alt="Capture11.JPG" /></span></P> Sun, 19 Dec 2021 19:43:15 GMT https://live.paloaltonetworks.com/t5/general-topics/why-hacktool-vulnerability-is-set-to-medium-action-alert/m-p/454253#M101443 roma 2021-12-19T19:43:15Z Re: why hacktool vulnerability is set to medium action alert? https://live.paloaltonetworks.com/t5/general-topics/why-hacktool-vulnerability-is-set-to-medium-action-alert/m-p/454482#M101471 <P>Hello,</P> <P>There are legitimate use cases for this software. Palo Alto at times takes a conservative approach as not to break things and allow the end users to customize it for their needs. I always set anything medium and higher to be blocked.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 20 Dec 2021 21:15:03 GMT https://live.paloaltonetworks.com/t5/general-topics/why-hacktool-vulnerability-is-set-to-medium-action-alert/m-p/454482#M101471 OtakarKlier 2021-12-20T21:15:03Z