https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7208#M5335 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>we would appreciate if you could consider this as a feature request or something to add in the future.</P><P>Every IPS solution has this possibility and granularity and we'd like to see it in PAN also.</P><P></P><P>It would be useful if the exception could be activated also by right-clicking on the interested log entry (as many vendor does)...</P><P></P><P>Thanks</P></BODY></HTML> Wed, 17 Nov 2010 14:09:06 GMT migration 2010-11-17T14:09:06Z https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7206#M5333 <HTML><HEAD></HEAD><BODY><P>When adding a Vulnerability Exception, is there any way to make the exception more granular? (being able to add the exception along with an IP host or range, source or destination IP, zones, or virtual systems.)&nbsp; For example, If I wanted to ignore a certain vulnerability that is causing false positives and is coming from the inside of the network, I would have to add that vulnerability to the exceptions list.&nbsp; But by adding it to the list, I am also ignoring that vulnerability completely.&nbsp; I would like Palo Alto to still be able to monitor for that vulnerability, just not within certain parameters.</P></BODY></HTML> Tue, 16 Nov 2010 18:42:49 GMT https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7206#M5333 jambulo 2010-11-16T18:42:49Z https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7207#M5334 <HTML><HEAD></HEAD><BODY><P>Hello Jambulo,</P><P>the only way to do this is to create another vulnerability profile, add the desired exception, then create another policy that details your desired granularity (source ip, destination ip, etc..) and add that new vulnerability profile to it.</P><P></P><P></P><P></P><P></P><P>thanks,</P><P>Stephen</P></BODY></HTML> Tue, 16 Nov 2010 22:13:48 GMT https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7207#M5334 swhyte 2010-11-16T22:13:48Z https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7208#M5335 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>we would appreciate if you could consider this as a feature request or something to add in the future.</P><P>Every IPS solution has this possibility and granularity and we'd like to see it in PAN also.</P><P></P><P>It would be useful if the exception could be activated also by right-clicking on the interested log entry (as many vendor does)...</P><P></P><P>Thanks</P></BODY></HTML> Wed, 17 Nov 2010 14:09:06 GMT https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7208#M5335 migration 2010-11-17T14:09:06Z https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7209#M5336 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>swhyte wrote:</P><P></P><P>Hello Jambulo,</P><P>the only way to do this is to create another vulnerability profile, add the desired exception, then create another policy that details your desired granularity (source ip, destination ip, etc..) and add that new vulnerability profile to it.</P><P></P><P></P><P></P><P></P><P>thanks,</P><P>Stephen</P></PRE><P></P><P>Thanks for the tip...I tried it and it works, but have 2 concerns...</P><P></P><P>1) When I create a new policy that includes a specific IP address and the new vulnerability profile, it does work correctly at ignoring the vulnerability.&nbsp; BUT, ANYTHING that comes through with the IP address stated in the new policy, gets labeled as using the "rule" for that new policy.&nbsp; It looks like the policies are using a Bolean OR operator, when it should be using AND.</P><P></P><P>2) If I had to create multiple policies for multiple exceptions, would it create a lot of exta load? Since it scans through all the vulnerabilities minus the exception in Policy 1, then scans through all the vulnerabilities minus the exception in Policy 2, and so on...(I have Packet Capture on too)</P></BODY></HTML> Wed, 17 Nov 2010 18:53:57 GMT https://live.paloaltonetworks.com/t5/general-topics/more-granular-with-vulnerability-exceptions/m-p/7209#M5336 jambulo 2010-11-17T18:53:57Z