https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30879#M22600 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>First you can activate on the security rule the DSRI which will prevent analyse on your server answer.</P><P>Or you can create a custom profile for this rule</P><P>At the end on your global profile you can disable some alert.</P><P></P><P>Hope help</P><P></P><P>V.</P></BODY></HTML> Wed, 28 May 2014 12:36:37 GMT VinceM 2014-05-28T12:36:37Z https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30878#M22599 <HTML><HEAD></HEAD><BODY><P>Hello</P><P>I have in my firewall logs events detected as a threat of this IP:</P><P><SPAN style="font-size: 8pt; font-family: courier new,courier;">Source IP:&nbsp;&nbsp;&nbsp; 84.88.91.1&nbsp;&nbsp;&nbsp; Spain</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">From Zone: Untrust</SPAN></P><P></P><P><SPAN style="font-size: 10pt; font-family: arial,helvetica,sans-serif;">to my web server:</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">Destination IP:&nbsp;&nbsp;&nbsp; 195.77.XX.XX</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">Destination Port:&nbsp;&nbsp;&nbsp; 80</SPAN></P><P><SPAN style="font-size: 8pt; font-family: courier new,courier;">To Zone: DMZ</SPAN></P><P></P><P>Multiple Vulnerabilities Types Targeting a Single Source</P><P><SPAN style="font-size: 8pt; font-family: courier new,courier;">Acunetix Web Vulnerability Scanner Detection</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">Microsoft IIS Escaped Characters Decoding Command Execution Vulnerability</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">HTTP Directory Traversal Vulnerabilit</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">Microsoft Windows win.ini access attempt</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">Generic HTTP Cross Site Scripting Attempt</SPAN></P><P><SPAN style="font-family: courier new,courier; font-size: 8pt;">HTTP Cross Site Scripting Attempt</SPAN></P><P><SPAN style="font-size: 8pt; font-family: courier new,courier;">Microsoft SharePoint scriptresx.ashx Cross-site Scripting Vulnerability</SPAN></P><P></P><P>How can I avoid or prevent this type of vulnerability scanning? or what recommendations do you suggest me?</P><P></P><P>Thank you.</P><P></P><P>dicu</P></BODY></HTML> Wed, 28 May 2014 11:49:15 GMT https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30878#M22599 SOC_CSG 2014-05-28T11:49:15Z https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30879#M22600 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>First you can activate on the security rule the DSRI which will prevent analyse on your server answer.</P><P>Or you can create a custom profile for this rule</P><P>At the end on your global profile you can disable some alert.</P><P></P><P>Hope help</P><P></P><P>V.</P></BODY></HTML> Wed, 28 May 2014 12:36:37 GMT https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30879#M22600 VinceM 2014-05-28T12:36:37Z https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30880#M22601 <HTML><HEAD></HEAD><BODY><P>Here is a doc that explains on how to exempt an ip address from threat profile</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5235">How To Add Exempt IP Addresses From the Threat Monitor Logs</A></P><P>You can use the above doc so it will not scan that.</P><P>Here is another useful doc regarding threat prevention.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></P><P>Let us know if this helps.</P><P>Thanks</P><P>Numan</P></BODY></HTML> Thu, 29 May 2014 15:45:21 GMT https://live.paloaltonetworks.com/t5/general-topics/avoid-scanning-threat-vulnerabilities/m-p/30880#M22601 mbutt 2014-05-29T15:45:21Z