https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20913#M15277 <HTML><HEAD></HEAD><BODY><P>Hi Sandeep,</P><P></P><P>Now I´m able to post my screenshots.</P><P>First from ACC:</P><P><IMG alt="ACC.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5645_ACC.png" width="450" /></P><P>Second from Monitor:</P><P><IMG alt="Monitor.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5646_Monitor.png" width="450" /></P><P></P><P>As you can see in the Threatlogs, the same type of Spyware´s severity is "Informational". Since Friday afternoon suddenly it is "Medium".</P><P>In ACC it was always shown with Severity "Medium"</P><P>Maybe there was an update in the last days?</P><P></P><P>Thanks,</P><P>Alex.</P></BODY></HTML> Mon, 18 Feb 2013 07:16:47 GMT Alex_Graser 2013-02-18T07:16:47Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20910#M15274 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>currently we have a Test-device from PaloAlto for evaluation (PA-5020, PANOS 5.0.2, AV-Sig 946-1309, App&amp;Threats-Version 357-1692, URL-Filter 4044).</P><P></P><P>Today I took a look at Threat Prevention Summary in ACC and saw a few Hits "Trojan-Ransom.foreign:madeleine.adclear.net" ID=4091550 with Severity "Medium".</P><P>Then I was searching in ThreatLogs and filterd to show only events with severity mediu, high or critical. First I was wondering why I didn´t see the hits which were shown in ACC but then I applied another filter, this time to show only the Attacker (which i got also from ACC) and with this filter I found the hit in the ThreatLog.</P><P>BUT: in ThreatLog this Hit was with severity "Informational".</P><P></P><P>So I´m wondering why is the severity different in ACC from that in ThreatLog? I assume the Severity comes from the Signature itself, so it should be the same severity in ACC as well as in ThreatLogs. Or am I missing something?</P><P></P><P>It´s important for me to understand, because I have AntiSpyware-Profile which does a PacketCapture on Severity from Medium to Critical. Since the ThreatLog shows Severity "Informational" no capture was taken.</P><P></P><P>Any hints on this would be usefull for me!</P><P></P><P>Thanks a lot!</P><P>Alex.</P></BODY></HTML> Fri, 15 Feb 2013 12:30:25 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20910#M15274 Alex_Graser 2013-02-15T12:30:25Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20911#M15275 <HTML><HEAD></HEAD><BODY><P>The ACC and the threat logs should represent the same information. I have checked my lab device and it is working as expected as shown below. <IMG alt="Screen Shot 2013-02-15 at 9.42.08 AM.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5630_Screen Shot 2013-02-15 at 9.42.08 AM.png" width="450" /></P><P><IMG alt="Screen Shot 2013-02-15 at 9.42.23 AM.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5631_Screen Shot 2013-02-15 at 9.42.23 AM.png" width="450" /></P><P></P><P>Would it be possible for you to attach a screenshot of yours ?</P><P></P><P>Thanks,</P><P>Sandeep T</P></BODY></HTML> Fri, 15 Feb 2013 17:44:41 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20911#M15275 sdurga 2013-02-15T17:44:41Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20912#M15276 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>I will take screenshots and will post it on monday.</P><P>thanks,</P><P>alex.</P></BODY></HTML> Fri, 15 Feb 2013 19:29:06 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20912#M15276 Alex_Graser 2013-02-15T19:29:06Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20913#M15277 <HTML><HEAD></HEAD><BODY><P>Hi Sandeep,</P><P></P><P>Now I´m able to post my screenshots.</P><P>First from ACC:</P><P><IMG alt="ACC.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5645_ACC.png" width="450" /></P><P>Second from Monitor:</P><P><IMG alt="Monitor.png" class="jive-image-thumbnail jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/5646_Monitor.png" width="450" /></P><P></P><P>As you can see in the Threatlogs, the same type of Spyware´s severity is "Informational". Since Friday afternoon suddenly it is "Medium".</P><P>In ACC it was always shown with Severity "Medium"</P><P>Maybe there was an update in the last days?</P><P></P><P>Thanks,</P><P>Alex.</P></BODY></HTML> Mon, 18 Feb 2013 07:16:47 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20913#M15277 Alex_Graser 2013-02-18T07:16:47Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20914#M15278 <HTML><HEAD></HEAD><BODY><P>Is it the same threatid in both cases?</P><P></P><P>I get no hits at all in threat vault when searching for Trojan-Ransom.foreign:medeleine.adclear.net (or part of that name) - and yes I did try to search in all dbs (vuln, spyware, virus).</P></BODY></HTML> Mon, 18 Feb 2013 09:32:54 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20914#M15278 mikand 2013-02-18T09:32:54Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20915#M15279 <HTML><HEAD></HEAD><BODY><P>Yes, it is the same threatid (id 4091550) in both cases!</P><P>I also get no hit when searching the db´s. BTW, its type is shown as "Spyware" in both ACC and Threatlogs.</P><P></P><P>Greetings,</P><P>Alex.</P></BODY></HTML> Mon, 18 Feb 2013 10:26:46 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20915#M15279 Alex_Graser 2013-02-18T10:26:46Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20916#M15280 <HTML><HEAD></HEAD><BODY><P>Maybe, it´s because ThreatDatabase states "Database reflects antivirus version <STRONG>947</STRONG> and threats version <STRONG>356</STRONG>.", but our PA-5020 runs App&amp;Threats DB Version 357-1693?</P><P></P><P><BR /> </P></BODY></HTML> Mon, 18 Feb 2013 10:32:41 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20916#M15280 Alex_Graser 2013-02-18T10:32:41Z https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20917#M15281 <HTML><HEAD></HEAD><BODY><P>ThreatDatabase now reflects antivirus version <STRONG>954</STRONG> and threats version <STRONG>358</STRONG></P><P>But I still can´t find ID 4091550.</P><P></P><P>Anyone has an idea?</P><P></P><P>Thanks,</P><P>Alex.</P></BODY></HTML> Thu, 21 Feb 2013 09:01:30 GMT https://live.paloaltonetworks.com/t5/general-topics/acc-shows-threat-hit-with-severity-as-medium-while-threatlogs/m-p/20917#M15281 Alex_Graser 2013-02-21T09:01:30Z