06-27-2017 07:33 PM - edited 06-27-2017 07:51 PM
Hi Folks,
I am being asked how we know that specific threats like Wanna Cry and Petya are blocked by our PA 3020.
I see that our Content was updated back in 698 release that includes the update for Microsoft SMB vunerability, threat ID 32422 and has a CVE number. We are up to date...
I've been searching the threat log based on CVE number, but shows nothing. I've been searching our PA threat alerts, but have not found a threat and block related to this vunerability. Could be safe to say that it's not been attempted on our network?
Checking if anyone may have other suggestions for answering this kind of question or searching for Threat IDs to verify they are blocked?
06-27-2017 08:27 PM
Hi @OMatlock
Unless there are exploitation attempts through your firewall, you will not see a threat log generated.
Make sure as well, that the rules where you are applying the vulnerability profile, are correctly set to "Log at the end"
Finally, I wanted to point out (and I am sure you already know), that the content 698 is passed due, and the latest recommended content is 709 or 711.
I hope this helps.
06-27-2017 08:27 PM
Hi @OMatlock
Unless there are exploitation attempts through your firewall, you will not see a threat log generated.
Make sure as well, that the rules where you are applying the vulnerability profile, are correctly set to "Log at the end"
Finally, I wanted to point out (and I am sure you already know), that the content 698 is passed due, and the latest recommended content is 709 or 711.
I hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
