07-09-2014 06:42 AM
Hello,
is there any possibility to get any information about the requirements for detecting an specific threat.
e.g. there is Signature ID : 13457 EBURY, what is this signature looking for ?
Do I have to decrypt anything on the PA to give a deeper look into the payload. Is it only examing the DNS traffic ?
Where could get access to the signature source ?
Thanks
Ralf
07-09-2014 06:56 AM
Hello Ralf,
As per my understanding, you will not be able to get the signature source ( for security reason). Please follow the mentioned link,you may get some more detailed information: An In-depth Analysis of Linux/Ebury
Thanks
07-09-2014 07:42 AM
Hello Ralf,
The default action is set for this threat is "ALEART". Hence, at any point of time if the signature triggers, the PAN firewall will generate a log for the same. GUI > Monitor > Logs > Threat. You may change the default action as mentioned below.
Thanks.
07-09-2014 04:38 PM
The basic information that Palo Alto does provide can be found by searching in the Threat Vault.
https://threatvault.paloaltonetworks.com/
This document shows how to get more detailed information after seeing what is available from Palo Alto.
How to Find Virus Details if Not Available in the Threat Vault
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
