This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Exception for DNS signature which is showing the ID as 0 and FQDN as unknow
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Cloud Delivered Security Services
- Threat & Vulnerability
- Re: Exception for DNS signature which is showing the ID as 0 and FQDN as un
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-12-2020 08:18 AM
Getting false positive for the Link tivoli.com.qa as threat name(68360795).Its getting DNS sinkholing.Can anyone help to know how we give the exception only for the threat ID 68360795 and the Fqdn is tivoli.com.qa. Attached screenshots below
7 REPLIES 7
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-13-2020 11:14 AM
Hi @hisingh ,
Thanks for your reply.Please find the detailed threat log for ID 68360795
as mentioned before most 68360795 is unknow in my firewall also most of the signatures are unknown. I checked in another firewall which is having same content version
visible.But same in my firewall showing as unknown.If you can check the previous screenshots related to exception you can see the ID eg: 327772845 which is also showing as unknown.For confirming please check this ID in your FW
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-14-2020 12:39 PM
Did you check the threat vault connectivity from PA devices.
Test connectivity to the Threat Vault using:
> test threat-vault connection
or you can check it from System logs.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PM0BCAW
NpN
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-14-2020 12:56 PM
Hi Nijith,
Thanks for your commments. Now its working after changing the DNS to public.
Related Content
- Threat 576037320 in Threat & Vulnerability Discussions
- DNS Signatures in Threat & Vulnerability Discussions
- SSH Proxy decryption disables vulnerability protection? in Threat & Vulnerability Discussions
- Threat 109020001 detection, dropping LAN traffic after 10.0.0 upgrade in Threat & Vulnerability Discussions
- Exception for DNS signature which is showing the ID as 0 and FQDN as unknow in Threat & Vulnerability Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks