Learn More About Threat Signatures
Firewall Threat logs record all threats the firewall detects based on threat signatures (Set Up Antivirus, Anti-Spyware, and Vulnerability Protection) and the ACC displays an overview of the top threats on your network. Each event the firewall records includes an ID that identifies the associated threat signature.
You can use the threat ID found with a Threat log or ACC entry to:
- Find the latest Threat Vault information about a specific threat. Because the Threat Vault is integrated with the firewall, you can view threat details directly in the firewall context or launch a Threat Vault search in a new browser window for a threat the firewall logged.
- Confirm the firewall is connected to the Threat Vault. Select Device > Setup > Management and edit the Logging and Reporting setting to Enable Threat Vault Access. Threat Vault access is enabled by default.
- Find the threat ID for threats the firewall detects.
- To see each threat event the firewall detects based on threat signatures, select Monitor > Logs > Threat. You can find the ID for a threat entry listed in the ID column, or select the log entry to view log details, including the Threat ID.
- To see an overview of top threats on the network, select ACC > Threat Activity and take a look at the Threat Activity widget. The ID column displays the threat ID for each threat displayed.
- To see details for threats that you can configure as threat exceptions (meaning, the firewall enforces the threat differently than the default action defined for the threat signature), select Objects > Security Profiles > Anti-Spyware/Vulnerability Protection. Add or modify a profile and click the Exceptions tab to view configured exceptions. If no exceptions are configured, you can filter for threat signatures or select Show all signatures.
- Hover over a Threat Name or the threat ID to open the drop-down, and click Exception to review both the threat details and how the firewall is configured to enforce the threat. For example, find out more about a top threat charted on the ACC:
- Review the latest Threat Details for the threat and launch a Threat Vault search based on the threat ID.
- Threat details displayed include the latest Threat Vault information for the threat, resources you can use to learn more about the threat, and CVEs associated with the threat.
- Select View in Threat Vault to open a Threat Vault search in a new window and look up the latest information the Palo Alto Networks threat database has for this threat signature.
- Check if a threat signature is configured as an exception to your security policy.
The Used in security rule column does not indicate if the Security policy rule is enabled, only if the Security policy rule is configured with the threat exception. Select Policies > Security to check if an indicated security policy rule is enabled.
- If the Used in current security rule column is clear, the firewall is enforcing the threat based on the recommended default signature action (for example, block or alert).
- A checkmark anywhere in the Used in current security rule column indicates that a security policy rule is configured to enforce a non-default action for the threat (for example, allow), based on the associated Exempt Profiles settings.
- Add an IP address on which to filter the threat exception or view existing Exempt IP Addresses. Configure an exempt IP address to enforce a threat exception only when the associated session has either a matching source or destination IP address; for all other sessions, the threat is enforced based on the default signature action.
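The exception semantics described above, as an added Python model for reviewing exceptions (not Palo Alto Networks code and not a firewall API). The class and function names, the threat ID and the addresses are constructed; the model assumes the session is matched by the rule that carries the profile and that a disabled rule enforces nothing.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class ThreatException:
    """One exception entry as reviewed on the Exceptions tab (hypothetical model)."""
    threat_id: int           # constructed ID, not a real signature
    action: str              # non-default action, for example "allow"
    rule_enabled: bool       # verified under Policies > Security, not shown by the column
    exempt_ips: list = field(default_factory=list)  # empty list: exception covers all sessions


def effective_action(default_action, exc, src, dst):
    """Return the action enforced for one session under the model's assumptions."""
    # No exception, or the rule carrying it is disabled: default signature action.
    if exc is None or not exc.rule_enabled:
        return default_action
    if exc.exempt_ips:
        session = {ip_address(src), ip_address(dst)}
        exempt = {ip_address(ip) for ip in exc.exempt_ips}
        # Exception applies only when source OR destination matches an exempt IP.
        if not session & exempt:
            return default_action
    return exc.action


def audit(exceptions):
    """List exceptions a reviewer should look at first."""
    findings = []
    for exc in exceptions:
        if not exc.rule_enabled:
            findings.append((exc.threat_id, "rule disabled, default action applies"))
        elif not exc.exempt_ips:
            findings.append((exc.threat_id, "no exempt IPs, exception covers every session"))
    return findings


if __name__ == "__main__":
    scoped = ThreatException(99999, "allow", True, ["10.1.1.5"])   # constructed sample
    broad = ThreatException(99998, "allow", True)                  # constructed sample
    print(effective_action("block", scoped, "10.1.1.5", "203.0.113.9"))  # matching source
    print(effective_action("block", scoped, "10.1.1.6", "203.0.113.9"))  # no match
    print(audit([scoped, broad]))
```
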