Custom Signatures - no alerts generated after activation

Custom Signatures - no alerts generated after activation

0
Created On 09/26/18 13:45 PM - Last Modified 07/19/22 23:08 PM


Symptom


Symptoms

Custom signature validated successfully, but no alerts are generated.

Diagnosis

Review custom signature and make sure that the code path will generate alerts.  One way to do that is to create a new custom signature definition/version, perform a test run from the custom signature sandbox, and check if any alerts were generated.

Resolution


Modify the code base to ensure pass, warn, fail, and/or, info methods are called as expected.  If you believe the methods are being called but no alerts are generated, contact Palo Alto Networks support.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClnMCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail