Vulnerability Profile Rule vs Vulnerability Signature Action

by pankaku on ‎04-27-2016 05:54 AM - edited on ‎05-11-2016 04:46 AM by (4,752 Views)

In some cases, actions set on a vulnerability are not applied as expected. This is due to the policy inside the profile taking precedence over the individual vulnerability, if set to anything other than 'Default.'

 

The following is vulnerability protection profile and action for c2s is reset-both.

 

Vulnerability rules.png

 

Let's say you have created a custom vulnerability signature to block a specific website and severity for the custom signature is critical and action is alert.

 

Vulnerability custom signautre.png

 

If you try to access that website, you won't be able to do so, even though the action for the custom vulnerability is alert. That's because the vulnerability profile rule for critical is reset-both. The action set in the profile rule takes precedense over the individual vulnerability action. If you want that rule to not take precedence, create an exception for that vulnerability.

 

Access website.png

 

Threat Logs

 

Logs.png

Ignite 2018, Amsterdam, Netherlands
Ask Questions Get Answers Join the Live Community