Hello PAN Community,
I would just like to know if its possible to edit or change the default action for a specific suspicious DNS query?
We have a situation here where what we wanted to happen is to drop all the packets for suspicious DNS query instead of resetting both connection.
Thank you in advance.
below is the traffic info of the threat that we want to change the action.
if i'm not mistaken, the ID on the threat details is the threat ID. I tried looking for it on the vulnerability protection and anti-spyware, but the only place i found it was in the DNS signatures and there no change or edit action there.
Yes you are correct, In case of spyware signature, the ID will be re-used by PAN firewall and you will not be able to change the default action.
Thank you for that information. So there is now way we can change the default action for DNS signatures.
Regarding your last post, We would like to verify the purpose of Threat ID exceptions, what will happen to a specific threat if we include it on the exceptions?
Thank you very much.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!