01-10-2018 11:37 AM
We have an open wifi network and do see a lot of CoinHive spyware threat alerts. Recently a user generated in excess of 30000 email alerts for CoinHive JavaScript Detection. We don't want to block the user, and the external IP is not a single one. The firewall is set to reset-both on detection. We just don't want to see this email alert. Is there a workaround to disable alerts on a specific spyware?
01-10-2018 02:14 PM
Hello,
Yes, there is. Just use the exception tab to filter out the one you don't want to see. Set it to something lower and change the action.
Hope that helps.
01-10-2018 02:50 PM
How would you change the severity of threat under exceptions? SMTP Alerts are set for anything medium to critical.
Just to mention this is for antispyware although it should be similar to vulnerability protection.
01-10-2018 02:57 PM
Sorry, that is where my fingers were quicker than my brain. You are correct, the severity cannot be changed. If you have a SIEM you can just use it for the alerts and silence the PAN.
Just a thought.
01-10-2018 03:02 PM
PAN-OS 8.0 introduced "Filtered Log Forwarding". This would allow you to further "tweak" the rule that generates e-mail notifications. You could easily exempt certain events from generating e-mails, regardless of severity. Read more about it here:
https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950
01-11-2018 12:15 PM
Thank you guys, we hope to upgrade to 8 soon.
10-01-2024 08:37 AM
Where would one do this in PANOS 11.X?