Can I Obtain the CVE in the PA event Log

L0 Member

We have numerous PA firewalls that alert for vulnerabilities. I also have a product that scans for vulnerabilities in my network. The scanning device has CVE numbers in its events. The PA has PA's unique identifier in its event. Is there a way for me to pull in the CVE into the Pans threat event so I can correlate the PANs threat events to my existing vulnerability events based on CVE number?

L4 Transporter

Hello, Chuck, and good morning to you sir!

 

First, this appears to be a question better suited for the general discussion forum as it doesn't appear to pertain to custom signatures.

 

However, I would like to point out that if you click on a value populating the "NAME" column in the threat monitor, the metadata for that threat name should appear like so:

 

1.PNG

 

The CVE associated is part of this metadata. I don't believe a separate column can be created.

 

Respectfully,

 

rcole

L5 Sessionator

Hi Chuck,

 

Welcome to our community.

 

You can issue a "configuration mode" command, like below:

admin@Luciano-PA-VM# show predefined threats vulnerability [press ENTER, don't press tab or ?]

 

and you will get JSON output where you will have the CVE description:

vulnerability {
  35931 {
    threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
    category overflow;
    severity high;
    affected-host {
      server yes;
    }
    default-action alert;
  }
  35933 {
    threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
    category overflow;
    severity high;
    affected-host {
      server yes;
    }
    default-action alert;
  }

 

I think this is the only way to get something usable/useful. You could prolly run a script once a day (because you don't get updates more often) and just populate your fields with the threat ID vs. the CVE.

 

Hope it helps, AFAIK this is the only (remotely) functional way to do it.

 

 

BR

Luciano
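A sketch of the daily lookup-table script suggested in the reply above, added here as an example and not code from the thread or from Palo Alto Networks. It assumes the command output has been saved as text in the brace-structured form quoted above and that a `cve` line may list more than one CVE ID; the event key `threat_id` and entry 99999 are hypothetical.

```python
import re

# Excerpt of the `show predefined threats vulnerability` output quoted in the
# post above, shortened, plus one constructed entry (99999) with no cve line.
SAMPLE = '''
vulnerability {
  35931 {
    threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
    severity high;
    affected-host {
      server yes;
    }
  }
  35933 {
    threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
  }
  99999 {
    threatname "Constructed entry without a CVE";
  }
'''

ENTRY = re.compile(r'^\s*(\d+)\s*\{\s*$')   # a numeric threat ID opening a block
CVE = re.compile(r'CVE-\d{4}-\d{4,}')

def parse_threat_cves(text):
    """Return {threat_id: [CVE, ...]} from the brace-structured output."""
    table, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = m.group(1)
            table[current] = []          # signatures without a CVE keep []
        elif current and line.strip().startswith('cve '):
            table[current].extend(CVE.findall(line))
    return table

def enrich(event, table):
    """Add a 'cve' list to an event dict (hypothetical key 'threat_id')."""
    return {**event, 'cve': table.get(str(event['threat_id']), [])}

def by_cve(table):
    """Invert the table so scanner findings can be joined on CVE number."""
    out = {}
    for tid, cves in table.items():
        for cve in cves:
            out.setdefault(cve, []).append(tid)
    return out
```

Note that one CVE can map to several threat IDs, as with 35931 and 35933 here, so the join against scanner events is one-to-many.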

L6 Presenter

There is not currently a mechanism that I am aware of to see the CVE in the threat log of the PA Networks devices. 

 

You might want to discuss this idea with your account team. They could tell you if a feature enhancement is in the system for this or not. 

 

Community Team Member

Just to let you know, because this was not related to Custom Signatures, I moved it to General Topics.

Stay Secure,
Joe
End of line
L4 Transporter

Try going to the Vulnerabilities profile and click on the default profile or any one, then open it, then click the exception tab, and then check the "show signatures" box like below

 

Screen Shot 2016-05-13 at 5.22.56 PM.png

 
