URL Category Bulk Check and Getting the List of Threat Names

URL Category Bulk Check and Getting the List of Threat Names

33852
Created On 09/25/18 20:34 PM - Last Modified 06/08/23 01:07 AM


Resolution


Object

You have a list of web sites that you want to check the categories recognized by PAN-DB (or BrightCloud). It's not ideal to check the categories on Test-A-site (https://urlfiltering.paloaltonetworks.com) or on BrightCloud URL/IP lookup page (http://www.brightcloud.com/tools/url-ip-lookup.php) one by one when there are too many sites to check.

 

Solution

The firewall CLI accepts multiple lines of commands at one time. So, this can be achieved by following steps.

 

  1. Create a text file that contains the list of "test url <url>" commands.

    test url www.paloaltonetworks.com

    test url www.google.com

     

  2. (Optional) Switch URL filtering database as needed.

    > set system setting url-database <paloaltonetworks or brightcloud>
    https://live.paloaltonetworks.com/t5/Learning-Articles/PAN-DB-URL-Filtering-CLI-Command-Reference/ta-p/61598

  3. Copy & paste entire text onto firewall CLI.

> test url www.paloaltonetworks.com

 

www.paloaltonetworks.com computer-and-internet-info (Base db) expires in 24000 seconds

www.paloaltonetworks.com computer-and-internet-info (Cloud db)

 

> test url www.google.com

 

www.google.com search-engines (Base db) expires in 0 seconds

www.google.com search-engines (Cloud db)

:

 

Object

Obtaining the list of Threat Names for a certain range of Threat ID.

 

Solution

  1. Create a text file that contains the list of "show threat id <id>" commands.

    show threat id 3800000

    show threat id 3800001

    :


    In order to create such text, following script can be used.

    #!/bin/bash

     

    for i in {3800000..3804000}

    do

        echo 'show threat id '${i} >> command_list.txt

    done


    The Threat ID range can be found in the following article.
    https://live.paloaltonetworks.com/t5/Threat-Articles/Threat-ID-Ranges-in-the-Palo-Alto-Networks-Content-Database/ta-p/59969

     

  2. Copy & paste entire text onto firewall CLI. 

> show threat id 3800000

 

unknown

spyware

 

> show threat id 3800001

 

This signature detected generic:geik.ddns[.]net

 

medium

:

 

Additional Tips

The list of commands for packet-diag can be saved as a text and executed in the same way.

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Run-a-Packet-Capture/ta-p/62390
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhXCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language