Palo Alto Networks Knowledgebase: Vulnerability Profile Rule vs Vulnerability Signature Action

Vulnerability Profile Rule vs Vulnerability Signature Action

(382 Views)
Created On 09/26/18 19:13 PM - Last Updated 09/26/18 20:38 PM
Categories:  Threat Intelligence,  Threat Prevention

Issue:


Solution:


In some cases, actions set on a vulnerability are not applied as expected. This is due to the policy inside the profile taking precedence over the individual vulnerability, if set to anything other than 'Default.'

 

The following is vulnerability protection profile and action for c2s is reset-both.

 

Vulnerability rules.png

 

Let's say you have created a custom vulnerability signature to block a specific website and severity for the custom signature is critical and action is alert.

 

Vulnerability custom signautre.png

 

If you try to access that website, you won't be able to do so, even though the action for the custom vulnerability is alert. That's because the vulnerability profile rule for critical is reset-both. The action set in the profile rule takes precedense over the individual vulnerability action. If you want that rule to not take precedence, create an exception for that vulnerability.

 

Access website.png

 

Threat Logs

 

Logs.png

Attachments:

Actions:
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3ECAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Change Language: