Exempt alerting for specific threat

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Exempt alerting for specific threat

L4 Transporter

We have an open wifi network and do see lot of coinhive spyware threat alerts. Recently a user genrated in excess 30000 email alerts for CoinHive JavaScript Detection. We don't want to block the user and also the external IP is not single one. Firewall is set to reset-bot on detection. We just don't want to see this email alert, is there a workaround to disable alert on a specific spyware.

1 accepted solution

Accepted Solutions

L7 Applicator

PAN-OS 8.0 introduced "Filtered Log Forwarding".  This would allow you to further "tweak" the rule that generates e-mail notifications.  You could easily exempt certain events from generating e-mails, regardless of severity.  Read more about it here:

 

https://live.paloaltonetworks.com/t5/Community-Blog/Make-more-sense-using-filtered-log-forwarding/ba...

https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Hello,

Yes there is. Just use the exception tab to filter the one you dont want to see out. Set it something lower and change the action.

 

image.png

 

Hope that helps.

How would you change the severity of threat under exceptions? SMTP Alerts are set for anything medium to critical.

Just to mention this is for antispyware although it should be similar to vulnerability protection.

Sorry, that is where my fingers were quicker than my brain. You are correct the severity cannot be changed. If you have a SIEM you can just use it for the alerts and silence the PAN.

 

Just a thought.

L7 Applicator

PAN-OS 8.0 introduced "Filtered Log Forwarding".  This would allow you to further "tweak" the rule that generates e-mail notifications.  You could easily exempt certain events from generating e-mails, regardless of severity.  Read more about it here:

 

https://live.paloaltonetworks.com/t5/Community-Blog/Make-more-sense-using-filtered-log-forwarding/ba...

https://live.paloaltonetworks.com/t5/Tutorials/Tutorial-Filtered-Log-Forwarding/ta-p/145950

Thanks you guys, We hope to upgrade to 8 soon

L0 Member

Where would one do this in PANOS 11.X?

  • 1 accepted solution
  • 4167 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!