Hi all. I am reviewing the "Threat" section on the Palo Alto firewall and I noticed some weird thing, perhaps it is normal, but I can't tell, thus this thread. There are couple of threat in the "Critical" category indicated with the "dropped" action. Yet when I opened the threat to see the details, I am seeing two timestamp for this event and each of the timestamp carries a different action. For example, a timestamp at 4:00AM marked with a "dropped" action (type is "vulnerability), yet another timestamp at 4:01AM for the same threat (type is "end") would marked with an "allow" action. Is this treat being blocked or it is allowed? Little bit confuse here. Thank you.
Solved! Go to Solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!