Globally Unique Threat IDs

All Palo Alto Networks threat signatures now have permanent, globally unique IDs that you can use to look up threat signature information and create permanent threat exceptions. While globally unique IDs are already provided for vulnerability and spyware signatures, this release extends unique IDs to antivirus and DNS signatures. Previously, antivirus and DNS signature IDs were sometimes reused because of the large number of signatures generated on a daily basis, and some IDs matched more than one signature. Now, because you must configure threat exceptions based on threat IDs, globally unique threat IDs ensure that these exceptions remain permanently and correctly enforced.
Additionally, PAN-OS 8.0 introduces new threat categories to classify different types of threat signatures along with the new threat IDs. You can use the threat categories to filter both firewall logs and the ACC for certain types of threats and to build custom reports.
If a signature has been disabled, the signature UTID might be reused for a new signature.
Review the content update release notes for notifications regarding new and disabled signatures. Signatures might be disabled in cases where the activity the signature detects has fallen out of use by attackers, the signature generated significant false positives, or the signature was consolidated with other similar signatures into a single signature (signature optimization).
Review the PAN-OS 8.0 upgrade and downgrade considerations for this feature before you get started:
  • Because antivirus and DNS signatures now have globally unique IDs, the threat ID ranges that existed for these signatures in previous release versions no longer apply. If you have used antivirus and DNS threat ID ranges to build any custom logic, to create custom reports, or as part of an integration with a security information and event management (SIEM) solution, you should revisit those areas to see if you can instead leverage the new Threat categories.
  • Threat exceptions configured in PAN-OS 7.1 are not migrated with the upgrade to PAN-OS 8.0. Instead, you can now use the new, permanent, and unique IDs to New Threat Categories and How to Use Them.
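
The following is an added example, not taken from Palo Alto Networks documentation: one way to audit SIEM-side rule expressions for the two conditions described above, namely logic that still tests threat ID ranges and exact-ID matches on IDs that the content release notes list as disabled. The rule syntax, the field names `threat_id` and `threat_category`, and all IDs and ranges are constructed placeholders.

```python
import re

# Assumed field name for this sketch; match it to your SIEM's schema.
ID_FIELD = "threat_id"

# A range test is any ordering comparison or BETWEEN on the ID field.
RANGE_RE = re.compile(
    rf"\b{ID_FIELD}\s*(?:<=|>=|<|>|\bbetween\b)", re.IGNORECASE)
# An exact match pins a single ID: threat_id == 300001 or threat_id = 300001
EXACT_RE = re.compile(rf"\b{ID_FIELD}\s*={{1,2}}\s*(\d+)", re.IGNORECASE)


def audit(rules, disabled_ids):
    """Return (rule_name, finding) pairs for rules that need a second look.

    "range"       - depends on an ID range; revisit and consider filtering
                    on the threat category instead.
    "disabled-id" - pins an ID listed as disabled, which might be reused
                    for a new signature.
    """
    findings = []
    for name, expr in rules.items():
        if RANGE_RE.search(expr):
            findings.append((name, "range"))
        for match in EXACT_RE.finditer(expr):
            if int(match.group(1)) in disabled_ids:
                findings.append((name, "disabled-id"))
    return findings


# Constructed sample rules; the ranges and IDs are placeholders, not real
# Palo Alto Networks values.
RULES = {
    "av-hits": "threat_id >= 100000 AND threat_id <= 199999",
    "dns-hits": "threat_id BETWEEN 200000 AND 299999",
    "dns-by-category": 'threat_category = "dns"',
    "exception-a": "threat_id == 300001",
    "exception-b": "threat_id == 300002",
}
# Constructed stand-in for IDs collected from content update release notes.
DISABLED_IDS = {300002}

if __name__ == "__main__":
    for rule, finding in audit(RULES, DISABLED_IDS):
        print(f"{rule}: {finding}")
```
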
