topic Re: DNS Security - High Risk Sites in General Topics

DNS Security - High Risk Sites

fhewiufhwefhwe — Mon, 23 Mar 2020 23:07:02 GMT

thumbnails.trvl-media.com used by www.hotels.com to host its images is classified as a high risk site

If this is a false positive, how do I get Palo Alto DNS Service to take a second look or find out why it's classified as high risk?

How are other people using the high risk category? Are they using url blocking, sink-holing, or custom file blocking policies because of false positives?

Re: DNS Security - High Risk Sites

kiwi — Tue, 24 Mar 2020 10:10:48 GMT

Hi @fhewiufhwefhwe ,

If you believe that a certain category is identified incorrectly then you can make a request to change it:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/url-filtering/url-category-change.html

You can add exceptions to workaround false-positives.

Cheers,

-Kiwi.

Re: DNS Security - High Risk Sites

fhewiufhwefhwe — Tue, 24 Mar 2020 12:53:09 GMT

Forced to use the exception route. No option to get a human to look at the url, only the possibility to change it from travel to CDN.