App and Threat Threshold

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

App and Threat Threshold

L3 Networker

Team,

 

Can anyone please explain to me what the Threashold section does under Application and Threat updates?

 

I am so confused!

Schneur_Feldman_0-1668203159326.png

 

3 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

Hello,

Its how old the package needs to be before its installed. Lets say its like the picture and set to 48 hours. While the PAN checks every 30 minutes, the package must be at least 48 hours old to be installed. This is to help minimize any accidental production goofs on the Palo alto side. I have mine set to check once a day, but the package must be at least 12 hours old.

OtakarKlier_0-1668204306565.png

 

Hope that makes sense.

View solution in original post

L4 Transporter

Hello @Schneur_Feldman 

 

Hello, good afternoon.

 

The Threshold corresponds to the additional time. Example you have set every 30, but if you have 48 hrs, after 30 minutes, it will wait the hours you entered in Threshold in your case, example 48, to just perform the action you indicated, as in this case, download and install.

 

Best regards

High Sticker

View solution in original post

Hello @Schneur_Feldman , it all depends on how you adjust it.

Some people prefer, once a new release comes out, well a new Update Dynamic, to wait before installing, to review and analyze, relying on the threshold set. There are those who prefer to just download and install every 30 minutes and not leave anything in the threshold. It all depends on your environments and scenarios.

Check these links related to Best Practices, but the choice should always be based on your choice, priority and environment:

 

-https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates


Best regards

High Sticker

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hello,

Its how old the package needs to be before its installed. Lets say its like the picture and set to 48 hours. While the PAN checks every 30 minutes, the package must be at least 48 hours old to be installed. This is to help minimize any accidental production goofs on the Palo alto side. I have mine set to check once a day, but the package must be at least 12 hours old.

OtakarKlier_0-1668204306565.png

 

Hope that makes sense.

L4 Transporter

Hello @Schneur_Feldman 

 

Hello, good afternoon.

 

The Threshold corresponds to the additional time. Example you have set every 30, but if you have 48 hrs, after 30 minutes, it will wait the hours you entered in Threshold in your case, example 48, to just perform the action you indicated, as in this case, download and install.

 

Best regards

High Sticker

L3 Networker

Thanks! So I guess the million dollar question is the Palo checking App and Threats every 30 minutes but just installing them after 48 hours?

 

I guess what I am confused about here is if there is any point in having the PA check every 30 minutes if its only installing after 48 hours??

Still kind of confused. Would anyone be able to explain the flow of a new package update and how that thresh hold effects it?

Hello @Schneur_Feldman , it all depends on how you adjust it.

Some people prefer, once a new release comes out, well a new Update Dynamic, to wait before installing, to review and analyze, relying on the threshold set. There are those who prefer to just download and install every 30 minutes and not leave anything in the threshold. It all depends on your environments and scenarios.

Check these links related to Best Practices, but the choice should always be based on your choice, priority and environment:

 

-https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates


Best regards

High Sticker
  • 3 accepted solutions
  • 2588 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!