Security Profile default actions

Reply
Highlighted
Not applicable

Security Profile default actions

Once again I find myself searching for documentation, once again I am disappointed. There have been a couple posts over the years asking to see the magical "default actions" and the standard answer is "here's how, go look yourself"

This is an unacceptable answer. Someone has the list - what's the secret? I'll bet it's even updated regularly.

Come on guys.


Accepted Solutions
Highlighted
L4 Transporter

There is no secret. The default actions for vulnerability protection and anti-spyware signatures have been available on the profile either under the custom signatures or under the exceptions area (depending on your PAN-OS version). For antivirus, the default action is always set to block. We are also working on an easier and automated method to make this and other threat meta data available in an upcoming PAN-OS release.  

Alfred

View solution in original post


All Replies
Highlighted
L4 Transporter

There is no secret. The default actions for vulnerability protection and anti-spyware signatures have been available on the profile either under the custom signatures or under the exceptions area (depending on your PAN-OS version). For antivirus, the default action is always set to block. We are also working on an easier and automated method to make this and other threat meta data available in an upcoming PAN-OS release.  

Alfred

View solution in original post

Highlighted
Not applicable

I know it's not a secret, I was being very facetious.

I understand how to find what I am looking for. What I do not enjoy is

having to going through hundreds of pages with a slow interface where

I can only see a few selections at a time, taking notes or screen

shots, to find what has to be documented somewhere at Palo Alto.

Love the part about easier. However, someone has created the document

that describes the list of default actions for Antispyware and

Vulnerability Prevention. This is what customers are looking for, and

I have been asked a number of times what that is. I have started the

process a couple times but never got far before being called off to do

some real work. Having to create a document of the 2,434 Spyware and

4,251 Vulnerabilities in this way will take many hours.

Is there a better way to list the default actions that are not alert?

The search criteria "action contains" does not like "default (anything

in parenthesis)" - it matches everything.

It's got to be out there, and it cannot be hard to find. Someone set

up the defaults - where is the document they used to do the

configuration?

Highlighted
Not applicable

Dear Palo Alto,

Someone PLEASE provide this information, many of your customers really need this to efficiently explain what will happen when we enable these features.  Currently my mgmt will only allow us to alert until I can provide data that explains what "Default" really means.

Thank You

Rob

Highlighted
Not applicable

Is this document available yet.  I could really use it as well.

Highlighted
Not applicable


Now that PAN-OS 5 is out is there a better method for accessing this information without having to manual key this in on the Exceptions GUI?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!