topic Re: Question About Categorizing Domains to Suppress Correlated Events in General Topics https://live.paloaltonetworks.com/t5/general-topics/question-about-categorizing-domains-to-suppress-correlated/m-p/1231561#M124549 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/727052043">@L.Cartooms</a>,</P> <P>These events are point in time, so the past events would not clear from the logs once the domain is categorized. It would simply suppress the event from being generated again since it's no longer unknown.&nbsp;</P> Wed, 11 Jun 2025 21:10:39 GMT BPry 2025-06-11T21:10:39Z Question About Categorizing Domains to Suppress Correlated Events https://live.paloaltonetworks.com/t5/general-topics/question-about-categorizing-domains-to-suppress-correlated/m-p/1231520#M124546 <P data-start="167" data-end="174">Hi all,</P> <P data-start="176" data-end="251">We are using Palo Alto firewalls in our network, running PAN-OS 10.2.12-h6.<BR /><BR /></P> <P data-start="253" data-end="487">When navigating to <STRONG data-start="272" data-end="334">Monitor &gt; Automated Correlation Engine &gt; Correlated Events</STRONG>, we often see entries like the following:&nbsp;<EM data-start="379" data-end="487">“Host repeatedly visited uncategorized domain (20 times), and performed EXE downloads from these domains.”<BR /><BR /></EM></P> <P data-start="489" data-end="629">I would like to flag these domains or IP addresses as safe or categorize them so that I no longer receive alerts for known, trusted domains.<BR /><BR /></P> <P data-start="631" data-end="962">Typically, I categorize domains using the <A href="https://urlfiltering.paloaltonetworks.com/" target="_blank">Palo Alto Networks URL filtering - Test A Site</A>&nbsp;page. My question is:<BR data-start="745" data-end="748" />If I categorize a domain through that page, will it affect how these events are generated? Specifically, will the correlated events disappear if the domains are categorized as benign through the URL filtering tool?</P> <P data-start="964" data-end="996"><BR />Thanks in advance for your help.</P> <P><SPAN>&nbsp;</SPAN></P> Wed, 11 Jun 2025 10:00:33 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-categorizing-domains-to-suppress-correlated/m-p/1231520#M124546 L.Cartooms 2025-06-11T10:00:33Z Re: Question About Categorizing Domains to Suppress Correlated Events https://live.paloaltonetworks.com/t5/general-topics/question-about-categorizing-domains-to-suppress-correlated/m-p/1231561#M124549 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/727052043">@L.Cartooms</a>,</P> <P>These events are point in time, so the past events would not clear from the logs once the domain is categorized. It would simply suppress the event from being generated again since it's no longer unknown.&nbsp;</P> Wed, 11 Jun 2025 21:10:39 GMT https://live.paloaltonetworks.com/t5/general-topics/question-about-categorizing-domains-to-suppress-correlated/m-p/1231561#M124549 BPry 2025-06-11T21:10:39Z