https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8997#M6572 <HTML><HEAD></HEAD><BODY><P>I'm glad that I can help You.</P><P></P><P>Of course yes I had. This is normal situation - You must consider it. Read this community and You will see from time to time peopleas complaining about updates that was replaced in couples of hours by new version and so on.</P><P></P><P>Regards</P><P>Slawek</P></BODY></HTML> Wed, 06 May 2015 12:56:42 GMT _slv_ 2015-05-06T12:56:42Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8994#M6569 <HTML><HEAD></HEAD><BODY><P>Is anyone using the threat prevention subscription and how are they configuring it?&nbsp; I know that there are things I want to block but currently I have only set it to alert. What is the best way to configure the security profiles to get the best result?</P></BODY></HTML> Tue, 05 May 2015 13:06:48 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8994#M6569 jdprovine 2015-05-05T13:06:48Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8995#M6570 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Did You read <A _jive_internal="true" href="https://live.paloaltonetworks.com/docs/DOC-3094" title="https://live.paloaltonetworks.com/docs/DOC-3094">https://live.paloaltonetworks.com/docs/DOC-3094</A></P><P></P><P>Please also think about <A href="https://live.paloaltonetworks.com/palo-blogpost/1156">Tips &amp;amp; Tricks: Using DNS Sinkhole to find Malicious Clients</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-6220">How to Configure DNS Sinkhole</A></P><P>and of course <A href="https://live.paloaltonetworks.com/message/51788">CVE-2015-1635 and SSL decryption - is needed?</A></P><P></P><P>My Volnureability Ptorection Profile looks like:</P><P><IMG alt="2015-05-06_084113.png" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/19528_2015-05-06_084113.png" style="height: 137px; width: 620px;" /></P><P>and it's atached to security policy that allow users access to internet.</P><P></P><P></P><P>Regards</P><P>Slawek</P></BODY></HTML> Wed, 06 May 2015 06:42:42 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8995#M6570 _slv_ 2015-05-06T06:42:42Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8996#M6571 <HTML><HEAD></HEAD><BODY><P>Thanks yes I read that documentation and thanks for sharing the configuration of yours with me. Have you had any issues with blocking false positives</P></BODY></HTML> Wed, 06 May 2015 12:29:39 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8996#M6571 jdprovine 2015-05-06T12:29:39Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8997#M6572 <HTML><HEAD></HEAD><BODY><P>I'm glad that I can help You.</P><P></P><P>Of course yes I had. This is normal situation - You must consider it. Read this community and You will see from time to time peopleas complaining about updates that was replaced in couples of hours by new version and so on.</P><P></P><P>Regards</P><P>Slawek</P></BODY></HTML> Wed, 06 May 2015 12:56:42 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8997#M6572 _slv_ 2015-05-06T12:56:42Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8998#M6573 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>In my experience, I found it easier to configure a more aggressive profile for the DMZ because the traffic is much more predictable than what I see coming from inside the network. I work in a university and students use a lot of applications. Putting the action to alert is a good way to start. Eventually, you will see in the logs what you really want to block.</P><P></P><P>Benjamin</P></BODY></HTML> Wed, 06 May 2015 13:45:13 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8998#M6573 BenjAudy.MTL 2015-05-06T13:45:13Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8999#M6574 <HTML><HEAD></HEAD><BODY><P>I took work at a university haven't really focused on the DMZ just trying to start the testing of the best method to approach the threat prevention. Just curious what In the logs keyed you in on what to block?</P></BODY></HTML> Wed, 06 May 2015 13:53:27 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/8999#M6574 jdprovine 2015-05-06T13:53:27Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/9000#M6575 <HTML><HEAD></HEAD><BODY><P>I have a daily report of all the threats and their repeat count. I focus mostly on the critical and high severity threats, and I tend to spend more time on exploit kits and command and control traffic. I enable packet capture for most threats, so I can more easily find out if it's a false positive or not. I also like to tune the brute-force attack settings to block attackers while letting legitimate users in.</P><P></P><P>Benjamin</P></BODY></HTML> Mon, 11 May 2015 02:40:08 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/9000#M6575 BenjAudy.MTL 2015-05-11T02:40:08Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/9001#M6576 <HTML><HEAD></HEAD><BODY><P>I will try that thanks</P></BODY></HTML> Mon, 11 May 2015 12:58:14 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-subscription/m-p/9001#M6576 jdprovine 2015-05-11T12:58:14Z