This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

CVE and Threat Signature

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

CVE and Threat Signature

GLorhammer
L1 Bithead

‎08-28-2017 08:27 AM

In looking at the threats in the Vulnerability Protection profile only a relatively small number have CVEs associated with them. Is there a way to get a list of those that do without just scrolling through the pages of threats in the GUI? Also, is there somewhere that the whole list of vulnerabilities is posted from PA? I suspect not as this is probably proprietary but in case there is, where?

 

Thanks.

0 Likes Likes
4 REPLIES 4

Remo
L7 Applicator

‎08-28-2017 09:01 AM

On https://threatvault.paloaltonetworks.com is a searchable database of all the different signatures ... only metadata and not, as you already expected, the details on how the signature actually looks like that is used in PAN-OS.

 

For your first question: It is possible to pull a signaturelist including CVE numbers over the PAN-OS API

0 Likes Likes

GLorhammer
L1 Bithead
In response to Remo

‎08-28-2017 09:45 AM

Thanks for the feedback. The threat vault is great for searching for individual threats, but not for getting a list of all of them. 

 

I'm looking at the XML API guide and don't see the command for pulling the entire signature list to put in a request. Do you have a link to the page that explains it, or at least the command that would pull it in the CLI and I can put that in the API request?

0 Likes Likes

Remo
L7 Applicator
In response to GLorhammer

‎08-28-2017 09:56 AM - edited ‎08-28-2017 01:28 PM

https://FIREWALLNAME-OR-IP/api/?type=config&action=get&xpath=/config/predefined/threats/vulnerability

 

But if you are already on 8.0 this works only with 8.0.3. In the other 8.0 versions there is a bug, so CVEs are not shown there.

0 Likes Likes

ddallmann
L1 Bithead
In response to Remo

‎12-30-2019 11:34 AM

https[:]//IPADDRESS/api/?key=YOURKEY&type=op&cmd=<show><predefined><xpath>/predefined/threats/vulnerability</xpath></predefined></show>

0 Likes Likes
  • 3516 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks