This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to view the "Hits" of my Vulnerability Protection Rule

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to view the "Hits" of my Vulnerability Protection Rule

Eugene_Alejandro
L2 Linker

‎04-02-2017 08:27 PM

Hello Everyone,

I am quite new to PA, so i would need your suggestion about this.

I created a Vulnerability Protection Rule wherein my goal is once a Signature update arrives (Vulnerability signature), all those that are “Critical” would have an automatic Action of Drop. And that I dont need to manually set the action for "Critical" threat one-by-one inside the "Exceptions" tab. Here's the rule i created.

 

CriticalVulnerability.jpg

 

Can you please advise if there is a custom report that I can set or a section where i can see the running "hits" for this rule? Just like how the Logs in the "Monitoring" tab display the running traffic, threats, etc etc.

 

Thank you very much!!

1 person had this problem.
0 Likes Likes
2 REPLIES 2

Eugene_Alejandro
L2 Linker

‎04-02-2017 08:58 PM - edited ‎04-02-2017 11:21 PM

Thinking through it as I read back my own post. Is the rule I created applicable to my objective?

 

My Objective:

Instead of me “manually” changing the default action for all “Critical” severity signatures as they are delivered by Palo Alto , I want a rule to do this for me automatically. Meaning, once a Signature update arrives (Vulnerability signature), all those that are “Critical” should have an Action of Drop, since I already set a rule that is applied in my Vulnerability profile.

 

Or this rule is more on the "Threat" as it comes in, and not on the "Vulnerability Signature"? Sorry for branching out my question, I just want to nail this down really hard. Thanks again.

 

0 Likes Likes

murphyj
L2 Linker
In response to Eugene_Alejandro

‎06-08-2017 12:07 PM - edited ‎06-08-2017 12:07 PM

If you look at the threat windows under monitor you can you can filter for ( subtype eq vulnerability ) once you have that filtered if you know what rule(s) the vulnerability profile is set to you can then click on the magnifier on the left and look at the details to get more information about the Threat Name that was blocked and the severity. Or depending on the version you are on you could look under the ACC Tab and check the Threat activity and filter by the critical severity and see the rule/count there. I hope that helps if not let me know.
0 Likes Likes
  • 6446 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks