Which are the PAN-DB URL categorization rules?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Which are the PAN-DB URL categorization rules?

L1 Bithead

When an URL is categorized as malware by PAN-DB, I can´t find the reasons of  such decision.

Why has it been categorized as malware?

Is there any way to know more about such decision?

I will be grateful if you can explain me this decision.

G.A.

1 accepted solution

Accepted Solutions

Hi G.A.,

While we do have the information on why a particular URL/IP has been categorized as malware, it is not something that we are currently able to include in our automated email responses for change requests.  This integration is something that we're working on so that we can help provide more detail and context to our customers.  In the meantime, if you would like more information, please feel free to forward your question through your SE, or you can always submit your questions via the comments section in a submission.

Thanks,

Doris

View solution in original post

5 REPLIES 5

L3 Networker

Hello G.A,

We have a internal process which is done by our URL filtering team to categorize particular URL

There might be known malware on the site itself ,which is manually viewed by URL filtering team and classified as malware category.


If you can provide me the URL in question I can check with our URL filtering team about the categorization.

Regards,

Jahnavi

L5 Sessionator

Hi G.A.,

When our threat prevention team analyzes malware samples, it takes note of where the malware was hosted and what it was attempting to connect to.  This helps us gather information about what is infected and any possible related hosts, C&C, etc.  As Jahnavi mentioned above, if a URL/IP is categorized as malware in PAN-DB, it does not necessarily mean that the URL/IP in question is hosting malware, but it could be part of a network associated with a specific malicious attack.  If you suspect that a URL/IP has been miscategorized as malware, you can always request a change via our PAN-DB site: Palo Alto Networks URL Filtering - Test A Site .  Feel free to add your comments in your submission, and the team will take a look.

Hope this helps,

Doris

Helo Doris,

I've allready asked for category change of a few sites marked as "malware".

Sometimes PAN team changes it as I suggested, other times the new category is still "malware" and I have no clue of such decision.

There is no report of the decision so we can't tell the owner (or the user) of the site "there is a security problem because of..." or "fix this item.."

Therefore, I have to "whitelist" the URL in order to let the user visit those sites ( AFAIK not malware).

It would be nice if the URL filtering team could provide a little report when the change request is still malware...

Many thanks for considering my request.

G.A.

Hi G.A.,

While we do have the information on why a particular URL/IP has been categorized as malware, it is not something that we are currently able to include in our automated email responses for change requests.  This integration is something that we're working on so that we can help provide more detail and context to our customers.  In the meantime, if you would like more information, please feel free to forward your question through your SE, or you can always submit your questions via the comments section in a submission.

Thanks,

Doris

Thanks  your help !

G.A.

  • 1 accepted solution
  • 3386 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!