This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About chyates
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About chyates
11-12-2020
9Posts
1Like
0Solutions
Nov 12, 2020Last Visited
User
Activity
User
Profile
Latest posts by chyates
| Subject | Views | Posted |
|---|---|---|
| 5468 | 01-25-2018 04:16 PM | |
| 9780 | 01-23-2018 01:16 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 01-25-2018 04:16 PM |
User Badges
Community Statistics
| Member Since | 10-14-2015 12:52 PM |
| Date Last Visited | 11-12-2020 12:18 PM |
| Posts | 9 |
| Total Likes Received | 1 |
01-25-2018
04:16 PM
1 Kudo
So you override the default actions for those severities? I have that configuration in place in some places, but the way the default actions as described to my be an SE from Palo Alto which got me thinking about that approach. He said something to the effect that default action is evaluated very differently than severity. They are basically set based on confidence that there will be no false positives. Another example he gave was the Poodle signature which simply detected any SSLv3 - which you certainly wouldn't want to block, particularly at that time. Granted that was an informational signature, not medium or higher, but you can look at Vulnerability Protection signatures '( severity contains 'critical' ) and ( action contains 'alert' )' and see 1704 signatures (over 1/10th) where the default action is alert (and one that is allow.) Do you even alert below medium? All I have investigated in those severities have ended up on our whitelist so far.
... View more
01-23-2018
01:16 PM
default action = alert. surprising.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks