Can I Obtain the CVE in the PA event Log


L0 Member

We have numerous PA firewalls that alert for vulnerabilities. I also have a product that scans for vulnerabilities in my network. The scanning device has CVE numbers in its events. The PA has PA's unique identifier in its event. Is there a way for me to pull the CVE into the PAN threat event so I can correlate the PAN threat events to my existing vulnerability events based on CVE number?


L4 Transporter

Hello, Chuck, and good morning to you sir!

 

First, this appears to be a question better suited for the general discussion forum as it doesn't appear to pertain to custom signatures.

 

However, I would like to point out that if you click on a value populating the "NAME" column in the threat monitor, the metadata for that threat name should appear like so:

 

[Screenshot: 1.PNG]

 

The CVE associated is part of this metadata. I don't believe a separate column can be created.

 

Respectfully,

 

rcole

L5 Sessionator

Hi Chuck,

 

Welcome to our community.

 

You can issue a "configuration mode" command, like below:

admin@Luciano-PA-VM# show predefined threats vulnerability [press ENTER, don't press tab or ?]

 

and you will get JSON output where you will have the CVE description:

vulnerability {
  35931 {
    threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
    category overflow;
    severity high;
    affected-host {
      server yes;
    }
    default-action alert;
  }
  35933 {
    threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
    cve CVE-2011-1865;
    category overflow;
    severity high;
    affected-host {
      server yes;
    }
    default-action alert;
  }

 

I think this is the only way to get something usable/useful. You could probably run a script once a day (because you don't get updates more often) and just populate your fields with the threat ID vs. the CVE.

 

Hope it helps, AFAIK this is the only (remotely) functional way to do it.

 

 

BR

Luciano
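
An added example, not part of the post above or of any Palo Alto Networks tooling: a parser for the brace-style output shown in that post, producing the threat ID to CVE table that the suggested daily script would maintain, plus a lookup for a threat-log event. Assumptions: the command output has already been captured as text, the event field name `threatid` is hypothetical, and a repeated `cve` line is treated as several CVEs for one threat ID.

```python
import re

# Constructed sample, shortened from the output quoted in the post above.
# The outer "vulnerability {" block is left unclosed, as it is in the post.
SAMPLE = """\
vulnerability {
35931 {
threatname "HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability";
cve CVE-2011-1865;
severity high;
affected-host {
server yes;
}
default-action alert;
}
35933 {
threatname "HP Data Protector OmniInet Opcode 27 Buffer Overflow Vulnerability";
cve CVE-2011-1865;
severity high;
}
"""

OPEN = re.compile(r"^(\S+)\s*\{$")         # e.g. "35931 {"
LEAF = re.compile(r'^(\S+)\s+"?(.*?)"?;$')  # e.g. "cve CVE-2011-1865;"


def parse_threats(text):
    """Return {threat_id: {"cve": [...], "threatname": ..., ...}}."""
    threats, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := OPEN.match(line):
            stack.append(m.group(1))
            if len(stack) == 2 and stack[1].isdigit():
                threats[stack[1]] = {"cve": []}  # new threat-ID block
        elif line == "}" and stack:
            stack.pop()
        elif (m := LEAF.match(line)) and len(stack) == 2 and stack[1] in threats:
            key, value = m.groups()
            if key == "cve":  # assumption: a repeated cve line means several CVEs
                threats[stack[1]]["cve"].append(value)
            else:
                threats[stack[1]][key] = value
    return threats


def cves_for_event(event, threats):
    """CVEs for one threat-log event; "threatid" is a hypothetical field name."""
    return threats.get(str(event["threatid"]), {}).get("cve", [])
```

Several threat IDs can share one CVE, as 35931 and 35933 do here, so a join on CVE number against scanner events is many-to-one from the firewall side.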

L6 Presenter

There is not currently a mechanism that I am aware of to see the CVE in the threat log of the PA Networks devices. 

 

You might want to discuss this idea with your account team. They could tell you if a feature enhancement is in the system for this or not. 

 

Just to let you know, because this was not related to Custom Signatures, I moved it to General Topics.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L4 Transporter

Try going to the Vulnerabilities profile and click on the default profile or any one, then open it, then click the Exceptions tab, then check the "show signatures" box like below

 

[Screenshot: Screen Shot 2016-05-13 at 5.22.56 PM.png]

 
