07-12-2020 08:18 AM
Getting a false positive for the link tivoli.com.qa as threat name (68360795). It's getting DNS sinkholed. Can anyone help me know how to give the exception only for threat ID 68360795, where the FQDN is tivoli.com.qa? Screenshots attached below.
07-14-2020 12:39 PM
Did you check the Threat Vault connectivity from the PA devices?
Test connectivity to the Threat Vault using:
> test threat-vault connection
or you can check it from System logs.
07-13-2020 05:52 AM
The firewall which I am using shows the signature's name as unknown signature and the FQDN as unknown-fqdn.
07-13-2020 08:38 AM
This seems to be a signature due to DNS security. Can you post the detailed threat logs so I can confirm?
Also, this signature has been replaced, which means it is not included in the current release; you should not have any issue with this signature.
07-13-2020 09:42 AM - edited 07-13-2020 09:43 AM
Yes, the signature is due to DNS security. On the firewall which I am using, all the signatures are currently showing as unknown signature and unknown FQDN. Screenshot attached below.
I checked the same on another firewall which has the same AV and APT versions. I am also trying to give an exception for 68360795, but it is also showing as unknown in my FW.
07-13-2020 10:21 AM
Please share the detailed threat logs; you have shared the spyware security profile -> threat exception. I am looking for Monitor -> Threat logs -> detailed view.
Also, this signature is replaced, so you will have no issue with it.
Finally, please check this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPdBCAW&lang=en_US%E2%80%A...