08-15-2021 03:52 AM
Vulnerability and spyware are showing in the monitor. I need to check whether it is blocked by the PA or not, and need more clarity on the same.
08-15-2021 10:29 PM
The threat logs will show what action has been taken. Can you please elaborate on what your issue is? Do you wish to block the threats?
08-15-2021 11:29 PM
Hi,
Please suggest.
DCS-2530L Unauthenticated Information Disclosure Vulnerability :- Action- reset both
ZGrab Application Layer Scanner Detection :- Action- alert
name-of-threatid eq 'generic:in-page-push.com :- Action- sinkhole
Zeroshell Remote Command Execution Vulnerability :- Action- reset both
08-16-2021 03:12 AM
You can check the URL below for more clarity on the different actions that Palo Alto takes on traffic.
For you to decide if you need to block any threat, you should be able to double check by analysing the Src/Dst IPs to see if the traffic is valid in your environment.
In case of a URL, double check the URL. Please DO ALWAYS check if you are seeing any false positives.
You can create a security policy to completely block these IPs, if they are really threats. If you feel the src and dst are valid, then Palo Alto may be blocking genuine traffic. You may need to exclude the IPs in the threat signature.
Click on the magnifying glass in the threat logs to view more details.
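An added example, not part of the thread and not Palo Alto tooling: a small triage script that reads threat-log rows, sorts each action into blocked, sinkholed or not blocked, and lists the source/destination pairs of the entries that were only alerted on so they can be checked for validity. The CSV column names (`threat`, `action`, `src`, `dst`) and all sample rows and addresses are constructed; a real log export uses its own headers.

```python
import csv
import io
from collections import defaultdict

# Threat-log actions that stop the session or packet.
BLOCKING = {"drop", "reset-client", "reset-server", "reset-both", "block-ip"}
# Actions that only log (or explicitly permit) the traffic.
LOG_ONLY = {"alert", "allow"}

def disposition(action):
    """Map a threat-log action to what happened to the traffic."""
    a = action.strip().lower().replace(" ", "-")
    if a in BLOCKING:
        return "blocked"
    if a == "sinkhole":
        return "sinkholed"  # DNS query was answered with the sinkhole address
    if a in LOG_ONLY:
        return "not-blocked"
    return "unknown"

def triage(csv_text):
    """Return (counts per disposition, {threat: sorted (src, dst) pairs})
    where the second item covers entries that were not blocked."""
    counts = defaultdict(int)
    review = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        d = disposition(row["action"])
        counts[d] += 1
        if d in ("not-blocked", "unknown"):
            review[row["threat"]].add((row["src"], row["dst"]))
    return dict(counts), {t: sorted(p) for t, p in review.items()}

# Constructed sample: threat names and actions from the thread, addresses invented.
SAMPLE = """threat,action,src,dst
DCS-2530L Unauthenticated Information Disclosure Vulnerability,reset-both,198.51.100.7,192.0.2.10
ZGrab Application Layer Scanner Detection,alert,198.51.100.23,192.0.2.10
ZGrab Application Layer Scanner Detection,alert,198.51.100.23,192.0.2.11
generic:in-page-push.com,sinkhole,10.0.0.15,10.0.0.53
Zeroshell Remote Command Execution Vulnerability,reset-both,203.0.113.5,192.0.2.10
"""

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(counts)
    for threat, pairs in review.items():
        print(threat, pairs)
```

With the actions listed in the thread, only the ZGrab entries come back as not blocked, since `alert` logs the traffic without stopping it.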