How to create a vulnerability exception

Created On 09/26/18 20:30 PM - Last Modified 03/28/22 19:47 PM


Symptom
You want to add an exception for one or more vulnerability signatures.

Environment
All PAN-OS
Threat license


Cause
Sometimes you want to alter the behavior and default action of a signature. This can be done for only one signature or for only a few IPs.

Resolution

Overview 

You may wish to alter the action taken for a vulnerability signature trigger for one single signature in one vulnerability protection object. Please see below for instructions.

 

For more information on all of the exceptions, and how to use them, please visit this article:

How to Use Anti-Spyware, Vulnerability, and Antivirus Exceptions to Block or Allow Threats

 

Steps

  1. Log into the webGUI of your PAN-OS appliance.
  2. Navigate to the Objects tab. Using the navigation menu on the left, select Security Profiles > Vulnerability Protection.
  3. Under the name column in the window on the right, select the Vulnerability Protection object you wish to edit the signature in by clicking on the name. Please note that the default and strict policies, which come default with PAN-OS, cannot be changed and must be cloned first.
  4. Select the Exceptions tab.
  5. Check the show all signatures box.
  6. Search for the threat ID number (or name).
  7. Change the action you wish for the signature to take.
  8. Check the enable box.
  9. Click OK!
  10. Commit the changes.

 

After this is done, every signature in that profile should continue taking the assigned default actions, except for the one you just altered. In this instance, signature 30419 now has an action of ALLOW for any security rules this vulnerability profile is assigned to.
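Because an exception like the one above changes the action for every security rule that uses the profile, it helps to review which exceptions exist and how they are scoped. The following is an added example, not part of the original article or Palo Alto Networks code. It assumes an exported configuration in which exceptions appear as `profiles/vulnerability/entry/threat-exception/entry` with `action` and `exempt-ip` children; the profile name, the IP address and the threat IDs other than 30419 are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout is an assumption about the exported
# configuration; "strict-clone", 99001, 99002 and the IP are made up.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
 <profiles><vulnerability>
  <entry name="strict-clone">
   <threat-exception>
    <entry name="30419"><action><allow/></action></entry>
    <entry name="99001">
     <action><alert/></action>
     <exempt-ip><entry name="192.0.2.10"/></exempt-ip>
    </entry>
    <entry name="99002"><action><reset-both/></action></entry>
   </threat-exception>
  </entry>
 </vulnerability></profiles>
</entry></vsys></entry></devices></config>
"""

# Actions that let matching traffic through instead of blocking it.
NON_BLOCKING = {"allow", "alert"}

def list_exceptions(config_xml):
    """Return one dict per vulnerability exception found in the config."""
    root = ET.fromstring(config_xml)
    found = []
    for profile in root.iterfind(".//profiles/vulnerability/entry"):
        for exc in profile.iterfind("threat-exception/entry"):
            action_el = exc.find("action")
            # The action is encoded as the single child element of <action>.
            has_action = action_el is not None and len(action_el) > 0
            action = action_el[0].tag if has_action else "unspecified"
            ips = [ip.get("name") for ip in exc.iterfind("exempt-ip/entry")]
            found.append({"profile": profile.get("name"),
                          "threat_id": exc.get("name"),
                          "action": action, "exempt_ips": ips})
    return found

def risky_exceptions(config_xml):
    """Exceptions that stop blocking a signature with no IP scoping at all."""
    return [e for e in list_exceptions(config_xml)
            if e["action"] in NON_BLOCKING and not e["exempt_ips"]]

if __name__ == "__main__":
    for e in list_exceptions(SAMPLE_CONFIG):
        scope = ", ".join(e["exempt_ips"]) or "all traffic using the profile"
        print(f'{e["profile"]}: {e["threat_id"]} -> {e["action"]} ({scope})')
```
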

 

Note: Certain vulnerabilities, typically brute-force related, can have their thresholds changed with a vulnerability exception.

 

 

 

Note: In the case that you need to collect extended captures in order to report on potential false positives, please follow this article.


