How to verify that threat profiles are actually performing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to verify that threat profiles are actually performing

L0 Member

Hello,

 

I currently have one rule, that pertains to one inside and one outside host.  I have a few profiles added to the rule such as a/v, spyware, vulnerability and file blocking.  I dont see any events in the Threat monitor nor my Syslog server so my assumption is all is well, no threats detected?  Is there any other way to confirm the firewall is performing the checks in the profile?

 

Thanks

4 REPLIES 4

L0 Member

As long as the traffic is communication across the rule that has your threat profiles applied then it should be filtering. I would search the destination and source address and verify that the traffic is not hitting any other rules first. 

Yes traffic is flowing.  Wish there was some other level of verification regarding the applied threat-profiles

Thanks

There are a few sites out there that will test it for you from the Internet IN.

 

Or go out and find an EICAR - eicar.org

L4 Transporter

You may also refer to https://www.paloaltonetworks.com/documentation/81/wildfire/wf_api/get-wildfire-information-through-t... to pull some test files through your firewall to generate threat log entries

  • 6476 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!