https://live.paloaltonetworks.com/t5/general-topics/how-to-verify-a-specific-threat-is-blocked/m-p/163535#M52938 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/56398">@OMatlock</a></P><P>Unless there are exploitation attempts through your firewall, you will not see a threat log generated.</P><P>&nbsp;</P><P>Make sure as well, that the rules where you are applying the vulnerability profile, are correctly set to "Log at the end"</P><P>&nbsp;</P><P>Finally, I wanted to point out (and I am sure you already know), that the content 698 is passed due, and the latest recommended content is 709 or 711.</P><P>&nbsp;</P><P>I hope this helps.</P> Wed, 28 Jun 2017 03:27:22 GMT acc6d0b3610eec313831f7900fdbd235 2017-06-28T03:27:22Z https://live.paloaltonetworks.com/t5/general-topics/how-to-verify-a-specific-threat-is-blocked/m-p/163528#M52937 <P>Hi Folks,</P><P>&nbsp;</P><P>I am being asked how we know that specific threats like Wanna Cry and Petya are blocked by our PA 3020.</P><P>&nbsp;</P><P>I see that our Content was updated back in 698 release that includes the update for Microsoft SMB vunerability, threat ID 32422 and has a CVE number.&nbsp; We are up to date...</P><P>&nbsp;</P><P>I've been searching the threat log based on CVE number, but shows nothing.&nbsp; I've been searching our PA threat alerts, but have not found a threat and block related to this vunerability.&nbsp;&nbsp; Could be safe to say that it's not been attempted on our network?</P><P>&nbsp;</P><P>Checking if anyone may have other suggestions for answering this kind of question or searching for Threat IDs to verify they are blocked?</P> Wed, 28 Jun 2017 02:51:40 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-verify-a-specific-threat-is-blocked/m-p/163528#M52937 OMatlock 2017-06-28T02:51:40Z https://live.paloaltonetworks.com/t5/general-topics/how-to-verify-a-specific-threat-is-blocked/m-p/163535#M52938 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/56398">@OMatlock</a></P><P>Unless there are exploitation attempts through your firewall, you will not see a threat log generated.</P><P>&nbsp;</P><P>Make sure as well, that the rules where you are applying the vulnerability profile, are correctly set to "Log at the end"</P><P>&nbsp;</P><P>Finally, I wanted to point out (and I am sure you already know), that the content 698 is passed due, and the latest recommended content is 709 or 711.</P><P>&nbsp;</P><P>I hope this helps.</P> Wed, 28 Jun 2017 03:27:22 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-verify-a-specific-threat-is-blocked/m-p/163535#M52938 acc6d0b3610eec313831f7900fdbd235 2017-06-28T03:27:22Z