vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

cancel
Showing results for 
Search instead for 
Did you mean: 

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

L0 Member

vulnerability and spyware showing in monitor need to check its blocked from PA or not and need more clarity on same

4 REPLIES 4

L1 Bithead

The threat logs will show what action has been taken.Can you pls elaborate what your issue is? Do you wish to block the threats?

 

L0 Member

Hi,

Please suggest.

DCS-2530L Unauthenticated Information Disclosure Vulnerability  :- Action- reset both

ZGrab Application Layer Scanner Detection :- :- Action-  alert

name-of-threatid eq 'generic:in-page-push.com :- Action :- sinkhole

Zeroshell Remote Command Execution Vulnerability  :- Action- reset both

 

L1 Bithead

You can check the below url for more clarity on the different actions that Palo Alto takes on a traffic.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-security-prof...

 

For you to decide if you need to block any threat, you should be able to double check by analysing the Src/Dst IPs to see if the traffic is valid in your environment.

Incase of url, doble check the url.  Please DO ALWAYS check if you are seeing any false positves.

You can create security policy to completely block these Ips, if they are really threats. If you feel the src and dst are valid then Palo Alto may be blocking genuine traffic. You may need to exclude the IPs in the threat signature.

Click on the magnifying glass in the threat logs to view more details.

L0 Member

Thanks for the update and quick reply. I'll be sure to keep an eye on this thread.

 

TellDunkin

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!