Palo Alto Networks Knowledgebase: Vulnerability Profile Rule vs Vulnerability Signature Action

Vulnerability Profile Rule vs Vulnerability Signature Action

Created On 09/26/18 19:13 PM - Last Updated 09/26/18 20:38 PM
Categories:  Threat Intelligence,  Threat Prevention



In some cases, actions set on a vulnerability are not applied as expected. This is due to the policy inside the profile taking precedence over the individual vulnerability, if set to anything other than 'Default.'


The following is vulnerability protection profile and action for c2s is reset-both.


Vulnerability rules.png


Let's say you have created a custom vulnerability signature to block a specific website and severity for the custom signature is critical and action is alert.


Vulnerability custom signautre.png


If you try to access that website, you won't be able to do so, even though the action for the custom vulnerability is alert. That's because the vulnerability profile rule for critical is reset-both. The action set in the profile rule takes precedense over the individual vulnerability action. If you want that rule to not take precedence, create an exception for that vulnerability.


Access website.png


Threat Logs




  • Print
  • Copy Link

Change Language: