Hi Sandeep, Yes , my query does relate to nomenclature. Here is the problem I am trying to solve. Palo Alto sits at the perimeter and provides me information of viruses that are being detected/blocked by the AV component. What I am trying to see is if I can map this back to the actual host based AV solutions that might be using on the endpoints within my network. E.g. Sophos/ Macfee etc. Based on your comments I do realise this would be a difficult scenario for any solution that uses different AV engines, but there are vendors that do something similar , e.g. Ironport publishes this infomation at http://www.ironport.com/toc/. They used to provide the corresponding singnature ID's from the other AV vendors, but I dont see that info now.I know they have tieups with Sophos and Macfee for their signatures but Trend Micro and Symantec , i am not sure. I reffered to MAEC becuase that is the closest I could get to a standard that could bring some interoprability between the vendors. If the description field in Palo Alto AV could include at least the information related to what would be used in MAEC standard , then that would give us some more visibility into the actual virus that is being blocked , and maybe use that to find the corresponding in other AV solutions. But the best would be if I could actually map the AV signatures provided by Palo Alto to other host based AV solution like Ironport does (or at least used to do, i know this is difficult untill there is a proper standard). Regards, Sunil
... View more