New Threat Categories and How to Use Them

This feature also introduces new threat categories to classify different types of threats. You can use threat categories to filter threat logs and ACC activity and to build custom reports. If, in earlier release versions, you had configured custom reports for antivirus and DNS signatures based on threat ID ranges, you can use threat categories to recreate those reports.
Custom reports based on antivirus and DNS ID ranges will no longer exist following the upgrade to PAN-OS 8.0.
The following table lists and describes the threat categories used to classify different types of threat signatures and the events that these signatures detect. The threat categories are subsets of the broader threat signature types: spyware, vulnerability, antivirus, and DNS signatures.

| New Threat Category in PAN-OS 8.0 | Description | Threat Type | Content Update that Provides These Signatures |
|---|---|---|---|
| apk | Malicious Android Application Package (APK) files. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| autogen | C2 traffic that has been detected with automatically-generated C2 signatures—these signatures can detect C2 traffic even when the C2 host is unknown or changes rapidly. | spyware | Antivirus |
| dmg | Apple disk image files (DMG), used with the Mac OS X operating system. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| dns | DNS queries for hostnames associated with malware. | spyware | Antivirus |
| dns-wildfire | DNS queries for hostnames associated with malware—these are queries that WildFire detected when executing a previously unknown file in the WildFire virtual environment. | spyware | WildFire or WildFire Private |
| flash | Adobe Flash applets and Flash content embedded in web pages. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| flash-lzma | Adobe Flash files that have undergone Lempel-Ziv-Markov chain algorithm (LZMA) compression. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| java-class | Java applets (JAR/class file types). | virus, wildfire-virus | Applications and Threats |
| js | JavaScript files. | virus | Antivirus |
| macho | Mach object files (Mach-O) are executables, libraries, and object code that are native to the Mac OS X operating system. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| office | Microsoft Office files, including documents (DOC, DOCX, RTF), workbooks (XLS, XLSX), and PowerPoint presentations (PPT, PPTX). | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| openoffice | Office Open XML (OOXML) 2007+ documents. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| pdf | Portable Document Format (PDF) files. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| pe | Portable Executable (PE) files, including object code, DLLs, and FON (fonts). | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
| pkg | Apple software installer packages (PKGs), used with the Mac OS X operating system. | virus, wildfire-virus | Antivirus; WildFire or WildFire Private |
