https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51507#M37893 <HTML><HEAD></HEAD><BODY><P>Hello Ralf,</P><P></P><P>As per my understanding, you will not be able to get the signature source <SPAN class="GINGER_SOFTWARE_mark">( </SPAN>for security reason). Please follow the mentioned link<SPAN class="GINGER_SOFTWARE_mark">,</SPAN>you may get some more detailed information: <A href="http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/" title="http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/">An In-depth Analysis of Linux/Ebury</A></P><P></P><P>Thanks</P></BODY></HTML> Wed, 09 Jul 2014 13:56:37 GMT HULK 2014-07-09T13:56:37Z https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51506#M37892 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>is there any possibility to get any information about the requirements for detecting an specific threat.</P><P>e.g. there is <SPAN style="color: #333333; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 12px;">Signature ID : 13457</SPAN> EBURY, what is this signature looking for ?</P><P>Do I have to decrypt anything on the PA to give a deeper look into the payload. Is it only examing the DNS traffic ?</P><P>Where could get access to the signature source ?</P><P></P><P>Thanks </P><P>&nbsp;&nbsp; Ralf</P></BODY></HTML> Wed, 09 Jul 2014 13:42:36 GMT https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51506#M37892 ralf_hanl 2014-07-09T13:42:36Z https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51507#M37893 <HTML><HEAD></HEAD><BODY><P>Hello Ralf,</P><P></P><P>As per my understanding, you will not be able to get the signature source <SPAN class="GINGER_SOFTWARE_mark">( </SPAN>for security reason). Please follow the mentioned link<SPAN class="GINGER_SOFTWARE_mark">,</SPAN>you may get some more detailed information: <A href="http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/" title="http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/">An In-depth Analysis of Linux/Ebury</A></P><P></P><P>Thanks</P></BODY></HTML> Wed, 09 Jul 2014 13:56:37 GMT https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51507#M37893 HULK 2014-07-09T13:56:37Z https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51508#M37894 <HTML><HEAD></HEAD><BODY><P>Hello Ralf,</P><P></P><P>The default action is set for this threat is "ALEART". Hence, at any point of time if the signature triggers, the PAN firewall will generate a log for the same. GUI &gt; Monitor &gt; Logs &gt; Threat. You may change the default action as mentioned below.</P><P></P><P><IMG alt="Eburry.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/14351_Eburry.JPG" style="height: 278px; width: 620px;" /></P><P></P><P>Thanks.</P></BODY></HTML> Wed, 09 Jul 2014 14:42:52 GMT https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51508#M37894 HULK 2014-07-09T14:42:52Z https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51509#M37895 <HTML><HEAD></HEAD><BODY><P>The basic information that Palo Alto does provide can be found by searching in the Threat Vault.</P><P></P><P><A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P></P><P>This document shows how to get more detailed information after seeing what is available from Palo Alto.</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5316">How to Find Virus Details if Not Available in the Threat Vault</A></P></BODY></HTML> Wed, 09 Jul 2014 23:38:45 GMT https://live.paloaltonetworks.com/t5/general-topics/requirements-to-alert-an-threat/m-p/51509#M37895 pulukas 2014-07-09T23:38:45Z