How to Check if the Vulnerability Module is Working Properly

How to Check if the Vulnerability Module is Working Properly

33022
Created On 09/26/18 13:55 PM - Last Modified 06/02/23 11:33 AM


Resolution


Overview

A vulnerability profile on the Palo Alto Networks device is configured and added to a security policy. This document describes how to check if the vulnerabilities are being caught and the logs are being triggered in the threat logs under the monitor tab.

 

Details

  1. Go to any http site with a search bar.
  2. Enter the following in the search bar: <script>test</script>. Then, click the search button.

A vulnerability log should be generated under the threat log. This shows that the vulnerability profile is working properly and generating log entries.
Vulnerability-Log.png

NOTE: If you are unable to find a http site which has a search bar then trying with https sites won't generate the same result if you are not using SSL decryption.
In this case, as mentioned above if you do not have SSL decryption enabled, for the same purpose of testing whether the Vulnerability Profile will be matching a signature we can use a simple test as below:

  • Navigate to a site which will never redirect to https and simulate as if we are trying to access sensitive info as shown in the screenshots             
Screenshot 2022-04-29 at 23.54.47.png
  • Go to the threat logs to find that TID 35107 is triggering as in the screenshot below:
​​​​​​​Screenshot 2022-04-30 at 00.14.02.png​​​​​​​

owner: shasnain

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm15CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language