topic Paloalto detected vulnerability traffic but the traffic is allowed in General Topics https://live.paloaltonetworks.com/t5/general-topics/paloalto-detected-vulnerability-traffic-but-the-traffic-is/m-p/184294#M56530 <P>Hi Guys,</P><P>&nbsp;</P><P>SIEM tool - QRadar</P><P>&nbsp;</P><P>Firewall - Paloalto</P><P>&nbsp;</P><P>Received one exploit alert in our siem console</P><P>Source ip is internal workstation reaching to external remote public ips like yahoo,aws</P><P>alert name is exploit events across multiple targets containing generic prompt xss vulnerability</P><P>Paloalto detected&nbsp; the vulnerability traffic and sent those logs to SIEM however the traffic is allowed in paloalto<BR />what might be the reason?</P> Sat, 28 Oct 2017 15:47:32 GMT saighanasyam42 2017-10-28T15:47:32Z Paloalto detected vulnerability traffic but the traffic is allowed https://live.paloaltonetworks.com/t5/general-topics/paloalto-detected-vulnerability-traffic-but-the-traffic-is/m-p/184294#M56530 <P>Hi Guys,</P><P>&nbsp;</P><P>SIEM tool - QRadar</P><P>&nbsp;</P><P>Firewall - Paloalto</P><P>&nbsp;</P><P>Received one exploit alert in our siem console</P><P>Source ip is internal workstation reaching to external remote public ips like yahoo,aws</P><P>alert name is exploit events across multiple targets containing generic prompt xss vulnerability</P><P>Paloalto detected&nbsp; the vulnerability traffic and sent those logs to SIEM however the traffic is allowed in paloalto<BR />what might be the reason?</P> Sat, 28 Oct 2017 15:47:32 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-detected-vulnerability-traffic-but-the-traffic-is/m-p/184294#M56530 saighanasyam42 2017-10-28T15:47:32Z Re: Paloalto detected vulnerability traffic but the traffic is allowed https://live.paloaltonetworks.com/t5/general-topics/paloalto-detected-vulnerability-traffic-but-the-traffic-is/m-p/184478#M56575 <P>have you checke dthe threat log? there should be an associated action to the threat which is tied to the configuration of the security profile assovciated with the security policy that allows the session to start</P> <P>&nbsp;</P> <P>if the threat is of severifty 'informational; for example, the default action is typically 'alert' which simply generates a log but takes no action</P> Mon, 30 Oct 2017 14:32:49 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-detected-vulnerability-traffic-but-the-traffic-is/m-p/184478#M56575 reaper 2017-10-30T14:32:49Z