Exempt alerting for specific threat

L4 Transporter

We have an open wifi network and do see a lot of coinhive spyware threat alerts. Recently a user generated in excess of 30000 email alerts for CoinHive JavaScript Detection. We don't want to block the user, and also the external IP is not a single one. Firewall is set to reset-both on detection. We just don't want to see this email alert; is there a workaround to disable the alert on a specific spyware?



All Replies
Cyber Elite

Re: Exempt alerting for specific threat

Hello,

Yes there is. Just use the Exceptions tab to filter out the one you don't want to see. Set it to something lower and change the action.


Hope that helps.

L4 Transporter

Re: Exempt alerting for specific threat

How would you change the severity of a threat under Exceptions? SMTP alerts are set for anything medium to critical.

Just to mention, this is for Anti-Spyware, although it should be similar to Vulnerability Protection.

Cyber Elite

Re: Exempt alerting for specific threat

Sorry, that is where my fingers were quicker than my brain. You are correct, the severity cannot be changed. If you have a SIEM you can just use it for the alerts and silence the PAN.

Just a thought.

L7 Applicator

Re: Exempt alerting for specific threat (Accepted Solution)

PAN-OS 8.0 introduced "Filtered Log Forwarding".  This would allow you to further "tweak" the rule that generates e-mail notifications.  You could easily exempt certain events from generating e-mails, regardless of severity.  Read more about it here:

https://live.paloaltonetworks.com/t5/Community-Blog/Make-more-sense-using-filtered-log-forwarding/ba...

https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950
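The filtering the accepted solution describes, carried out off the firewall as the earlier reply suggests (forward threat logs to a SIEM or relay and let it decide what gets e-mailed). This is an added example, not code from the thread or from Palo Alto Networks. The log records are constructed and their field names only loosely follow PAN-OS threat log fields; the match-list filter quoted in the comments is the assumed shape of a Filtered Log Forwarding filter, not syntax verified against a PAN-OS release; the 15-minute repeat window is an assumed operational choice. The point it shows is that the firewall's reset-both action is left alone: only the notification decision changes, and repeats from one user are collapsed rather than sent one per hit.

```python
"""E-mail only the threat events you want to see, without touching the
firewall's blocking action.

Added example, not code from the thread or from Palo Alto Networks. It does
on the SIEM/relay side what PAN-OS 8.0 Filtered Log Forwarding does in the
log forwarding profile: keep every detection logged and blocked, but exempt
one noisy signature from e-mail and collapse repeats. All log records below
are constructed; field names loosely follow PAN-OS threat log fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# PAN-OS threat severities, lowest to highest.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Detections that stay logged and blocked but never generate e-mail.
EMAIL_EXEMPT_THREATS = {"CoinHive JavaScript Detection"}

# The thread's existing rule: e-mail anything medium or worse.
MIN_EMAIL_SEVERITY = "medium"


def should_email(record, exempt=EMAIL_EXEMPT_THREATS, min_severity=MIN_EMAIL_SEVERITY):
    """Decide whether one threat log record should produce an e-mail.

    Equivalent in intent to a match-list filter like
        (severity geq medium) and (threatid neq <CoinHive threat ID>)
    (assumed filter syntax; the CoinHive threat ID is not given in the
    thread). The firewall action (here reset-both) is never consulted or
    changed: this only decides about notification.
    """
    if record["threat_name"] in exempt:
        return False
    return SEVERITY_RANK[record["severity"]] >= SEVERITY_RANK[min_severity]


class EmailThrottle:
    """Collapse repeated alerts for the same (user, threat) within a window.

    The first alert for a key is sent; repeats inside `window` are counted
    but suppressed, so one user tripping a signature thousands of times
    yields one e-mail per window instead of one per hit. The window length
    is an assumed operational choice.
    """

    def __init__(self, window=timedelta(minutes=15)):
        self.window = window
        self._last_sent = {}
        self.suppressed = defaultdict(int)

    def allow(self, record):
        key = (record["srcuser"], record["threat_name"])
        now = record["receive_time"]
        last = self._last_sent.get(key)
        if last is not None and now - last < self.window:
            self.suppressed[key] += 1
            return False
        self._last_sent[key] = now
        return True


def select_for_email(records, throttle=None):
    """Return the subset of records that would actually be e-mailed.

    Exempt or low-severity records never reach the throttle, so they are
    dropped silently rather than counted as suppressed repeats.
    """
    throttle = throttle if throttle is not None else EmailThrottle()
    return [r for r in records if should_email(r) and throttle.allow(r)]


def _rec(minute, user, threat, severity):
    # Constructed record; action is fixed to the reset-both the firewall applies.
    return {"receive_time": datetime(2018, 3, 1, 9, minute), "srcuser": user,
            "threat_name": threat, "severity": severity, "action": "reset-both"}


# Constructed sample: one user hammering CoinHive, another tripping two
# other signatures. None of these are real log exports.
SAMPLE_THREAT_LOGS = [
    _rec(0, "guest\\alice", "CoinHive JavaScript Detection", "medium"),
    _rec(1, "guest\\alice", "CoinHive JavaScript Detection", "medium"),
    _rec(2, "guest\\bob", "Example Low Severity Signature", "low"),
    _rec(3, "guest\\bob", "Example Spyware Phone Home", "high"),
    _rec(4, "guest\\bob", "Example Spyware Phone Home", "high"),
    _rec(25, "guest\\bob", "Example Spyware Phone Home", "high"),
]

if __name__ == "__main__":
    throttle = EmailThrottle()
    for r in select_for_email(SAMPLE_THREAT_LOGS, throttle):
        print(f"MAIL {r['receive_time']:%H:%M} {r['srcuser']} {r['threat_name']} ({r['severity']})")
    for key, n in throttle.suppressed.items():
        print(f"suppressed {n} repeat(s) of {key}")
```

Run stand-alone, the six constructed records produce two e-mails (the 09:03 and 09:25 high-severity hits) and one suppressed repeat; both CoinHive hits are still in the log with their reset-both action, they simply never become mail. The same split belongs in the firewall itself once on 8.0: one match list that forwards everything to the log collector, and a second, filtered one that drives the e-mail server profile.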

L4 Transporter

Re: Exempt alerting for specific threat

Thank you guys, we hope to upgrade to 8 soon.
