How to verify a specific Threat is blocked?

Hi Folks,

I am being asked how we know that specific threats like WannaCry and Petya are blocked by our PA 3020.

I see that our Content was updated back in the 698 release that includes the update for the Microsoft SMB vulnerability, threat ID 32422, and has a CVE number. We are up to date...

I've been searching the threat log based on CVE number, but it shows nothing. I've been searching our PA threat alerts, but have not found a threat and block related to this vulnerability. Could it be safe to say that it's not been attempted on our network?

Checking if anyone may have other suggestions for answering this kind of question or searching for Threat IDs to verify they are blocked?

Re: How to verify a specific Threat is blocked?

Hi @OMatlock

Unless there are exploitation attempts through your firewall, you will not see a threat log generated.

Make sure as well that the rules where you are applying the vulnerability profile are correctly set to "Log at the end".

Finally, I wanted to point out (and I am sure you already know) that content 698 is past due, and the latest recommended content is 709 or 711.

I hope this helps.
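The rule check described in the reply above, as an added example that is not part of the original thread and is not Palo Alto Networks code: it reads a security-rule export and lists the allow rules that have no vulnerability profile or have end-of-session logging turned off, since traffic through those rules would never produce a threat log entry. The XML layout (`profile-setting`, `log-end`), the default assumed for a missing `log-end` element, the rule and profile names, and the sample export are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: five security rules in the assumed PAN-OS-style layout.
PROFILE = ("<profile-setting><profiles><vulnerability><member>strict</member>"
           "</vulnerability></profiles></profile-setting>")
SAMPLE = f"""<rules>
  <entry name="inbound-smb"><action>allow</action><log-end>yes</log-end>{PROFILE}</entry>
  <entry name="branch-to-dc"><action>allow</action><log-end>no</log-end>{PROFILE}</entry>
  <entry name="legacy-any"><action>allow</action><log-end>yes</log-end></entry>
  <entry name="shared-group"><action>allow</action>
    <profile-setting><group><member>default-group</member></group></profile-setting></entry>
  <entry name="deny-all"><action>deny</action></entry>
</rules>"""


def audit_rules(xml_text):
    """Return {rule name: [findings]} for allow rules whose traffic would
    not be inspected or would not be logged at the end of the session."""
    findings = {}
    for rule in ET.fromstring(xml_text).findall("entry"):
        if rule.findtext("action") != "allow":
            continue  # only allowed traffic is handed to the security profiles
        issues = []
        if rule.find("profile-setting/profiles/vulnerability/member") is None:
            if rule.find("profile-setting/group/member") is not None:
                # Profile groups are not resolved here; flag them for a manual look.
                issues.append("profile group attached: confirm it contains a vulnerability profile")
            else:
                issues.append("no vulnerability profile")
        # Assumption: a missing log-end element means logging is on (the default).
        if rule.findtext("log-end", default="yes").strip() != "yes":
            issues.append("log at session end disabled")
        if issues:
            findings[rule.get("name")] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_rules(SAMPLE).items():
        print(f"{name}: {'; '.join(issues)}")
```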
