https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/200#M162 <HTML><HEAD></HEAD><BODY><P>please visit this link:</P><P><SPAN class="s1"><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-3972">https://live.paloaltonetworks.com/docs/DOC-3972</A></SPAN></P></BODY></HTML> Mon, 30 Jun 2014 09:53:21 GMT winwan 2014-06-30T09:53:21Z https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/199#M161 <HTML><HEAD></HEAD><BODY><P><SPAN lang="EN" style="font-size: 12.0pt; font-family: 'Times New Roman','serif';"><BR /></SPAN></P><P><SPAN lang="EN" style="font-size: 12.0pt; font-family: 'Times New Roman','serif';">I tried to adjust the "Host sweep," according to my network traffic, but I don`t get the results that want:</SPAN></P><P>Inteval (sec)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : ?</P><P>Threshold (events)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : ?</P><P></P><P>&nbsp; <SPAN class="hps"><SPAN lang="EN-US" style="font-size: 11.0pt; font-family: 'Calibri','sans-serif';">Example: Given these </SPAN></SPAN><SPAN class="hps"><SPAN lang="EN-US" style="font-size: 11.0pt; font-family: 'Calibri','sans-serif';">threats</SPAN></SPAN></P><P><SPAN class="hps"><SPAN lang="EN-US" style="font-size: 11.0pt; font-family: 'Calibri','sans-serif';"><IMG alt="" class="image-0 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/13726_pastedImage_2.png" style="max-width: 1200px; max-height: 900px;" /></SPAN></SPAN></P><P></P><P>I made the following query to see the number of events in 10 seconds: </P><P><SPAN style="font-size: 10pt; font-family: courier new,courier;">( addr.src in 172.16.29.<SPAN style="color: #c00000;">111 </SPAN>) and ( port.dst eq 161 ) and ( receive_time geq '2014/06/02 11:56:00' ) and ( receive_time leq '2014/06/02 11:56:10' )</SPAN></P><P><IMG alt="" class="image-1 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/13733_pastedImage_7.png" style="max-width: 1200px; max-height: 900px;" /></P><P><SPAN class="hps">Result</SPAN><SPAN class="shorttext">: </SPAN> <SPAN class="hps">1354</SPAN> <SPAN class="hps">events</SPAN> <SPAN class="hps">in</SPAN> <SPAN class="hps">10 seconds.</SPAN></P><P>it does not work.</P><P></P><P></P><P><SPAN class="hps">I have also tried adding exceptions, but does not work, this not stop to generate threat :</SPAN></P><P><SPAN class="hps"><IMG alt="" class="image-2 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/13734_pastedImage_21.png" style="max-width: 1200px; max-height: 900px;" /></SPAN></P><P></P><P></P><P></P><P>This is internal traffic and generated me threat "SCAN: Host Sweep" :</P><P><IMG alt="" class="image-3 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/13735_pastedImage_27.png" style="max-width: 1200px; max-height: 900px;" /></P><P></P><P></P><P><SPAN class="hps">I</SPAN> <SPAN class="hps">don´t know if</SPAN> <SPAN class="hps">I'm doing well</SPAN> <SPAN class="hps">or not?</SPAN></P><P><SPAN class="hps">Could</SPAN> <SPAN class="hps">anyone help me?</SPAN></P><P></P><P>dicu</P></BODY></HTML> Mon, 02 Jun 2014 10:27:17 GMT https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/199#M161 SOC_CSG 2014-06-02T10:27:17Z https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/200#M162 <HTML><HEAD></HEAD><BODY><P>please visit this link:</P><P><SPAN class="s1"><A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-3972">https://live.paloaltonetworks.com/docs/DOC-3972</A></SPAN></P></BODY></HTML> Mon, 30 Jun 2014 09:53:21 GMT https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/200#M162 winwan 2014-06-30T09:53:21Z https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/201#M163 <HTML><HEAD></HEAD><BODY><P>That IP exception is for user identification not for Zone Protection.</P></BODY></HTML> Sat, 10 Jan 2015 01:46:05 GMT https://live.paloaltonetworks.com/t5/general-topics/zone-protection-host-sweep-settings/m-p/201#M163 ddharmalingam 2015-01-10T01:46:05Z