Default threat ID correlation for action
Hi all,I was searching for a while and could not find the answer to this question.By default, does a Palo Alto block every instance a threat ID (that is enabled) is seen or does it wait until 1 threat ID hits 5 times in 1 minute (for example).I would think it would be the former, but was searching for confirmation.Thanks




