How to Determine the Number of Threat Signatures on a Palo Alto Networks Firewall

How to Determine the Number of Threat Signatures on a Palo Alto Networks Firewall

34307
Created On 09/26/18 13:44 PM - Last Modified 06/06/23 08:02 AM


Resolution


Overview

By default, threat signatures are not displayed on the Palo Alto Networks firewall unless "Show all signatures" option is checked. This applies to anti-spyware and vulnerability security profiles.Capture3.PNG.png

When the "Show all signatures" option is checked, all the Anti-spyware/Vulnerability signatures will be displayed and the number of threat signatures can be determined.

 

Steps

To view all the signatures, follow the steps below:

  1. Navigate to Objects > Security profiles > [Anti Spyware or Vulnerability Protection]
  2. Select a profile
  3. Go to the Exceptions tab
  4. Make sure that the "Show all signatures" option is checked

 

Example of Anti-Spyware Profile:

The threat ID's from 10001 and above are reserved for Anti-Spyware signatures.

 

Capture1.PNG.png

Note: Threat IDs from 15000 to 18000 are reserved for Custom Spyware signatures.

 

Example of Vulnerability Protection Profile:

The threat ID's from 30001 and above are reserved for Vulnerability signatures.

Capture2.PNG.png

 

Note: The threat ID's from 41000 to 45000 are reserved for Custom Vulnerability signatures.

 

The number of threat signatures will vary depending upon the content version installed on the Palo Alto Networks firewall. The total number will not be the same for all content versions, as new signatures are added frequently to the database.

 

See Also:

How to Find Matching Signature for Vulnerabilities

Steps to Change the Default Action for Signatures

 

owner: tshivkumar
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmXCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language