How to view the "Hits" of my Vulnerability Protection Rule


Hello Everyone,

I am quite new to PA, so I would need your suggestion about this.

I created a Vulnerability Protection Rule wherein my goal is that once a Signature update arrives (Vulnerability signature), all those that are “Critical” would have an automatic Action of Drop, and that I don't need to manually set the action for "Critical" threats one-by-one inside the "Exceptions" tab. Here's the rule I created.

 

[Image: CriticalVulnerability.jpg]

 

Can you please advise if there is a custom report that I can set or a section where I can see the running "hits" for this rule? Just like how the Logs in the "Monitoring" tab display the running traffic, threats, etc.

 

Thank you very much!!

Re: How to view the "Hits" of my Vulnerability Protection Rule

Thinking through it as I read back my own post. Is the rule I created applicable to my objective?

 

My Objective:

Instead of me “manually” changing the default action for all “Critical” severity signatures as they are delivered by Palo Alto, I want a rule to do this for me automatically. Meaning, once a Signature update arrives (Vulnerability signature), all those that are “Critical” should have an Action of Drop, since I already set a rule that is applied in my Vulnerability profile.

 

Or is this rule more on the "Threat" as it comes in, and not on the "Vulnerability Signature"? Sorry for branching out my question, I just want to nail this down really hard. Thanks again.

 


Re: How to view the "Hits" of my Vulnerability Protection Rule

If you look at the threat windows under Monitor, you can filter for ( subtype eq vulnerability ). Once you have that filtered, if you know what rule(s) the vulnerability profile is set to, you can then click on the magnifier on the left and look at the details to get more information about the Threat Name that was blocked and the severity. Or, depending on the version you are on, you could look under the ACC tab and check the Threat activity and filter by the critical severity and see the rule/count there. I hope that helps; if not, let me know.
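The same per-rule count can be tallied offline from an exported Threat log, shown here as an added example that is not part of the original thread or any Palo Alto tooling. The CSV column names and the sample rows are constructed assumptions; map them to the headers in your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for a CSV export of the Threat log.
# Column names are assumptions for this example; match them to your export.
SAMPLE_CSV = """\
receive_time,subtype,rule,threat_name,severity,action
2024/01/10 09:01:11,vulnerability,Inbound-Web,Example Threat A,critical,drop
2024/01/10 09:02:40,vulnerability,Inbound-Web,Example Threat A,critical,drop
2024/01/10 09:05:02,vulnerability,Inbound-Web,Example Threat B,high,alert
2024/01/10 09:07:13,spyware,Outbound-Any,Example Threat C,critical,drop
2024/01/10 09:09:57,vulnerability,DMZ-Mail,Example Threat D,critical,alert
"""


def critical_vulnerability_hits(csv_text):
    """Count log entries with subtype 'vulnerability' and severity
    'critical', keyed by (security rule, threat name, logged action)."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["subtype"].strip().lower() != "vulnerability":
            continue
        if row["severity"].strip().lower() != "critical":
            continue
        key = (row["rule"], row["threat_name"], row["action"].strip().lower())
        hits[key] += 1
    return hits


def not_dropped(hits):
    """Critical hits whose logged action is not 'drop'. These are the
    entries to compare against the profile attached to that security rule."""
    return {key: n for key, n in hits.items() if key[2] != "drop"}


if __name__ == "__main__":
    hits = critical_vulnerability_hits(SAMPLE_CSV)
    for (rule, threat, action), n in hits.most_common():
        print(f"{n:4d}  {rule:12s} {action:6s} {threat}")
    for (rule, threat, action), n in not_dropped(hits).items():
        print(f"CHECK: {threat} on {rule} logged action={action} ({n}x)")
```

Entries are keyed by the security policy rule recorded in the log, which is why the reply says you need to know which rule(s) the vulnerability profile is attached to.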