is there any possibility to get any information about the requirements for detecting an specific threat.
e.g. there is Signature ID : 13457 EBURY, what is this signature looking for ?
Do I have to decrypt anything on the PA to give a deeper look into the payload. Is it only examing the DNS traffic ?
Where could get access to the signature source ?
As per my understanding, you will not be able to get the signature source ( for security reason). Please follow the mentioned link,you may get some more detailed information: An In-depth Analysis of Linux/Ebury
The default action is set for this threat is "ALEART". Hence, at any point of time if the signature triggers, the PAN firewall will generate a log for the same. GUI > Monitor > Logs > Threat. You may change the default action as mentioned below.
The basic information that Palo Alto does provide can be found by searching in the Threat Vault.
This document shows how to get more detailed information after seeing what is available from Palo Alto.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!