Steps to Change the Default Action for Signatures

Steps to Change the Default Action for Signatures

30683
Created On 09/26/18 19:13 PM - Last Modified 06/13/23 03:09 AM


Resolution


Overview

This document describes the steps to change the default action for signatures.

 

Prerequisites

  1. Ensure that the most current content version is downloaded and installed.
    Go to Device > Dynamic Updates and click "Check now" at the bottom of the page to view latest updates. If not using the latest updates, then perform a download and install.
    Note: If the latest content version had not been downloaded or installed, log out and then log back into the GUI once this has been done.
  2. Ensure that a Vulnerability Profile has been created and is being used in applicable security policy rules.

 

Steps

  1. Go to Objects > Security Profiles > Vulnerability Protection and click the name of the profile used in the applicable security policy rules.
  2. Click the Exceptions tab.
  3. Check the "Show all signatures" checkbox at the bottom.
  4. Type xxxxx (signature_id) in the search box and hit <enter> or click the green arrow.
    Capture.JPG
  5. Click the checkbox next to the xxxxx signature to enable the exception, and change the action to whatever is desired (drop/alert/allow/block)
  6. Click OK
  7. Commit the changes

 

Once the changes are committed, the Palo Alto Networks firewall will perform the updated action for the the signatures.

 

See also:

How to Determine the Number of Threat Signatures on a Palo Alto Networks Firewall

How to Find Matching Signature for Vulnerabilities

 

owner: parmas
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm3KCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language