Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About SCCDavek
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About SCCDavek
09-30-2021
2Posts
1Like
0Solutions
Sep 30, 2021Last Visited
User
Activity
User
Profile
Latest posts by SCCDavek
| Subject | Views | Posted |
|---|---|---|
| 2189 | 04-10-2014 06:27 AM | |
| 3644 | 04-10-2014 05:49 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-10-2014 05:49 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 5 Likes |
User Badges
Community Statistics
| Member Since | 02-13-2013 08:39 AM |
| Date Last Visited | 09-30-2021 10:44 AM |
| Posts | 2 |
| Total Likes Received | 1 |
04-10-2014
06:27 AM
davido140 wrote:
Just used heartbleed in the threat name on the rule in the Vuln' protection profile and set the action to block
This forces traffic to be dropped for the "medium" severity threats related to heartbleed in the 430 update.
Effect from one of the online tests will be a timeout and you'll get an event in the threat log.
The target system MUST be vulnerable to trigger these signatures, if you've already patched it you wont see anything in the logs.
Ah, so you made a custom Vulnerability Protection profile then applied that to your security policies. . That makes sense. Thank you!
... View more
04-10-2014
05:49 AM
1 Kudo
davido140 wrote:
Thank you!
Got it all working perfectly now at several locations. I also created a custom rule to block/drop those medium severity signatures in the latest update, this results in the online tests failing too (malformed response) to give clients some extra peace of mind.
Seeing a large number of IPs from China trying to exploit this!
Several days of replacing SSL certificates ahead of me now!
What parameters did you use to trigger this rule? I'm not seeing any way to trigger on a threat ID or anything like that.:smileyconfused:
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks
