How to Validate and Report Application Misidentification

Created On 09/25/18 15:19 PM - Last Modified 10/12/20 16:13 PM


Resolution

Overview

This document describes how to validate a misidentified application and what information is needed to report it to Palo Alto Networks.

 

Details

Validate

  • Verify the information about the application (such as behavior, dependencies, and standard port) at the Application Research Center.
  • Check the Dynamic Updates page on the Palo Alto Networks support website for the most up-to-date versions of Application and Threats content.
  • Ensure that the Palo Alto Networks firewall has the latest version of Application and Threats content.

 

Report

  1. Name of the application seen in traffic logs or session table
  2. Expected Application
  3. System information:
    > show system info
  4. Filtered traffic logs (.csv format) showing the misidentification
  5. Session details for one of the misidentified sessions
    > show session id <session id>
  6. When the issue started (for example, after installation of the App Version 379-1840)
  7. Client PCAP of the Application
  8. Application dump (see How to Get an Application PCAP)

Note: Additional troubleshooting may be required if the Palo Alto Networks support staff is unable to validate or recreate the issue.

 

owner: akawimandan

 


