<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Threat alert emails in General Topics</title>
    <link>https://live.paloaltonetworks.com/t5/general-topics/threat-alert-emails/m-p/529302#M109266</link>
    <description>&lt;P&gt;You can verify the action taken by looking at the associated threat logs on the firewall. If it says 'alert' then the firewall didn't block the activity.&lt;/P&gt;
&lt;P&gt;Personally, my default assigned profile has critical and high severity alerts set to reset-both for client and server traffic. This voids the default action so that whatever signatures match this severity aren't allowed by default, and then I can make overrides as required. The downside to this method is that sometimes PAN will set a disruptive signature to alert at first to verify that they don't have any false positives before they change the default action; in this instance, if I were to see false positives, I would need to manually override these specific signatures.&lt;/P&gt;</description>
    <pubDate>Tue, 31 Jan 2023 14:15:11 GMT</pubDate>
    <dc:creator>BPry</dc:creator>
    <dc:date>2023-01-31T14:15:11Z</dc:date>
    <item>
      <title>Threat alert emails</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/threat-alert-emails/m-p/529293#M109265</link>
      <description>&lt;P&gt;I see threat alerts as critical but no words of block. Are these still getting through even if flagged as an alert? How do I verify or change to alert and block?&lt;/P&gt;</description>
      <pubDate>Tue, 31 Jan 2023 14:04:22 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/threat-alert-emails/m-p/529293#M109265</guid>
      <dc:creator>MMurphy1</dc:creator>
      <dc:date>2023-01-31T14:04:22Z</dc:date>
    </item>
    <item>
      <title>Re: Threat alert emails</title>
      <link>https://live.paloaltonetworks.com/t5/general-topics/threat-alert-emails/m-p/529302#M109266</link>
      <description>&lt;P&gt;You can verify the action taken by looking at the associated threat logs on the firewall. If it says 'alert' then the firewall didn't block the activity.&lt;/P&gt;
&lt;P&gt;Personally, my default assigned profile has critical and high severity alerts set to reset-both for client and server traffic. This voids the default action so that whatever signatures match this severity aren't allowed by default, and then I can make overrides as required. The downside to this method is that sometimes PAN will set a disruptive signature to alert at first to verify that they don't have any false positives before they change the default action; in this instance, if I were to see false positives, I would need to manually override these specific signatures.&lt;/P&gt;</description>
      <pubDate>Tue, 31 Jan 2023 14:15:11 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/general-topics/threat-alert-emails/m-p/529302#M109266</guid>
      <dc:creator>BPry</dc:creator>
      <dc:date>2023-01-31T14:15:11Z</dc:date>
    </item>
  </channel>
</rss>

