Configure how your firewall responds when system-level security violations like IMA
violations are detected.

System-level security violations can indicate that an attacker might have compromised
your firewall. The Device Security Settings feature helps you minimize potential
damage by letting you define how your firewall responds when such violations occur.
When Integrity Measurement Architecture (IMA) detects an attempted security violation
on your firewall, you can configure the system to either continue operating normally
or automatically enter maintenance mode to limit potential damage. Changes to this
configuration are logged with high severity to maintain an audit trail of security
policy modifications.

As a network security administrator, you can use this feature to protect your
environment when PAN-OS experiences system-level security violations. By default,
your firewall continues running when violations occur, but you have the option to
configure it to enter maintenance mode instead, which can help contain security
breaches by limiting system functionality until you can investigate and remediate
the issue.

When security violations are attempted on your firewall, you can invoke your internal
incident response (IR) or forensics process to investigate further. This feature
gives you greater control over your security posture and helps you implement
appropriate incident response measures when potential security compromises are
detected.