All Palo Alto Networks threat signatures now have permanent,
globally unique IDs that you can use to look up threat signature
information and create permanent threat exceptions. While globally
unique IDs are already provided for vulnerability and spyware signatures,
this release extends unique IDs to antivirus and DNS signatures.
Previously, antivirus and DNS signature IDs were sometimes reused
due to the large number of signatures generated on a daily basis
and some IDs matched to more than one signature. Now, because you
must configure threat exceptions based
on threat IDs, globally unique threat IDs ensure that these exceptions
remain permanently and correctly enforced.
Additionally, PAN-OS 8.0 introduces new threat categories to
classify different types of threat signatures along with the new
threat IDs. You can use the threat categories to filter both firewall
logs and the ACC for certain types of threats and to build custom
If a vulnerability signature has been disabled, the signature
UTID might be reused for a new signature.
Review the content
update release notes for notifications regarding new and disabled
signatures. Vulnerability signatures might disabled in cases where:
the activity the signature detects has fallen out of use by attackers,
the signature generated significant false positives, or the signature
was consolidated with other similar signatures into a single signature
Review the PAN-OS 8.0 upgrade and downgrade
considerations for this feature before you get started:
antivirus and DNS signatures now have globally unique IDs, the threat
ID ranges that existed for these signatures in previous release versions
no longer apply. If you have used antivirus and DNS threat ID ranges to
build any custom logic, to create custom reports, or as part of
an integration with a security information and event management
(SIEM) solution, you should revisit those areas to see if you can
instead leverage the new Threat categories.