This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Suspicious DNS Query Action

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Suspicious DNS Query Action

HartkentlyNua
L2 Linker

‎05-22-2014 12:33 AM

Hello PAN Community,

I would just like to know if its possible to edit or change the default action for a specific suspicious DNS query?

We have a situation here where what we wanted to happen is to drop all the packets for suspicious DNS query instead of resetting both connection.

Thank you in advance.

Regards,

Hartkently

0 Likes Likes
7 REPLIES 7

nchong
L2 Linker

‎05-22-2014 03:33 AM

Hi Hartkently,

In the vulnerability profile that you are using, you can click on the exception tab and search for the Threat that you want to change the action. On the action column you will then be able to change the action from "default (reset-both)" to "drop"

Regards,

Narong

HartkentlyNua
L2 Linker
In response to nchong

‎05-22-2014 06:20 AM

Hello Narong,

Thank you for that information, I certainly can change the default action there. however, the threats that we are looking for isn't there. please see the image below,

1.png

these are the kind of threats that we want change the action.

Thank  you.

Regards,

Hartkently

0 Likes Likes

HULK
L7 Applicator
In response to HartkentlyNua

‎05-22-2014 09:25 AM

Hello Hartkently,

Do you have the "threat-ID" for those you want to change the default action...?

FYI:

spyware.JPG

Thanks

0 Likes Likes

HartkentlyNua
L2 Linker

‎05-22-2014 07:02 PM

Hello Hulk,

below is the traffic info of the threat that we want to change the action.

2.JPG

if i'm not mistaken, the ID on the threat details is the threat ID. I tried looking for it on the vulnerability protection and anti-spyware, but the only place i found it was in the DNS signatures and there no change or edit action there.

thank you.

regards,

hartkently

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks