Which are the PAN-DB URL categorization rules?

L1 Bithead

When a URL is categorized as malware by PAN-DB, I can't find the reasons for such a decision.

Why has it been categorized as malware?

Is there any way to know more about such decision?

I will be grateful if you can explain this decision to me.

G.A.

All Replies
L3 Networker

Hello G.A,

We have an internal process which is done by our URL filtering team to categorize a particular URL.

There might be known malware on the site itself, which is manually viewed by the URL filtering team and classified in the malware category.


If you can provide me the URL in question I can check with our URL filtering team about the categorization.

Regards,

Jahnavi

L5 Sessionator

Hi G.A.,

When our threat prevention team analyzes malware samples, it takes note of where the malware was hosted and what it was attempting to connect to. This helps us gather information about what is infected and any possible related hosts, C&C, etc. As Jahnavi mentioned above, if a URL/IP is categorized as malware in PAN-DB, it does not necessarily mean that the URL/IP in question is hosting malware, but it could be part of a network associated with a specific malicious attack. If you suspect that a URL/IP has been miscategorized as malware, you can always request a change via our PAN-DB site: Palo Alto Networks URL Filtering - Test A Site. Feel free to add your comments in your submission, and the team will take a look.

Hope this helps,

Doris

L1 Bithead

Hello Doris,

I've already asked for a category change for a few sites marked as "malware".

Sometimes the PAN team changes it as I suggested; other times the new category is still "malware" and I have no clue about such a decision.

There is no report of the decision, so we can't tell the owner (or the user) of the site "there is a security problem because of..." or "fix this item..."

Therefore, I have to "whitelist" the URL in order to let the user visit those sites (AFAIK not malware).

It would be nice if the URL filtering team could provide a little report when the change request is still malware...

Many thanks for considering my request.

G.A.

L5 Sessionator

Hi G.A.,

While we do have the information on why a particular URL/IP has been categorized as malware, it is not something that we are currently able to include in our automated email responses for change requests.  This integration is something that we're working on so that we can help provide more detail and context to our customers.  In the meantime, if you would like more information, please feel free to forward your question through your SE, or you can always submit your questions via the comments section in a submission.

Thanks,

Doris

L1 Bithead

Thanks for your help!

G.A.
