Change the Brute Force Trigger Criteria - Knowledge Base - Palo Alto Networks

Change the Brute Force Trigger Criteria

72518

Created On 09/26/18 13:44 PM - Last Modified 04/08/24 14:36 PM

Vulnerability Protection

Threat Intelligence

Threat Prevention

9.1

10.2

10.1

11.1

11.0

PAN-OS

Panorama

Next-Generation Firewall

Environment

PA Firewalls
All Panos releases with vulnerability Protection profile.

Cause

One wants to edit the default value according to the company policy.

Resolution

Overview

This document describes how to view and edit the default attempts it takes to successfully trigger a brute force attempt passing through the Palo Alto Networks firewall.

Steps

Open the Vulnerability profile, go to Object > Security Profiles > Vulnerability Protection
Open the Exceptions tab
Click on Show All Signatures
Type in "brute force" or the Threat ID in the search field
Click on the pencil icon next to the signature name to customize
After making the customization, click the Enable check box to enable the signature
Edit the Time Attributes, as desired. The Aggregation Criteria can be Source, Destination, or Source-and-Destination.
Commit the changes

IMPORTANT NOTE: The "Action" configured under "Exceptions" will take precedence over the action configured under "Rules" in the Vulnerability Protection profile. In the above screenshot, we can see that the action is "alert" and that's the action that'll be taken when this signature is triggered.

Additional Information

The list of brute force vulnerabilities is found in the following reference document: Brute Force Signature and Related Trigger Conditions

Other users also viewed:

How to download GlobalProtect from the Customer Support Portal

Download and Install the GlobalProtect App for Windows

Resource List: GlobalProtect Configuring and Troubleshooting

PAN-OS Software Updates

Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)