How to create a vulnerability exception
Symptom
When you want to add an exception on vulnerability signatures.
Environment
- All PAN-OS
- Threat license
Cause
Sometimes you want to alternate the behavior and default action on the signature, and this can be done for only one signature or for only a few IPs.
Resolution
Overview
You may wish to alter the action taken for a vulnerability signature trigger for one single signature in one vulnerability protection object. Please see below for instructions.
For more information on all of the exceptions, and how to use them, please visit this article:
How to Use Anti-Spyware, Vulnerability, and Antivirus Exceptions to Block or Allow Threats
Steps
1. Log into the web GUI of your PAN-OS appliance.
2. Navigate to the Objects tab
3. Using the navigation menu on the left, select Security Profiles > Vulnerability Protection.
4. Under the Name column in the window on the right, select the Vulnerability Protection object you wish to edit the signature in by clicking on the name. Please note that the default and strict policies, which come default with PAN-OS, cannot be changed.
5. Select the Exceptions tab.
6. Check the Show all signatures box.
7. Search for the Threat ID number (or name).
8. Change the action you wish for the signature to take.
9. Check the enable box.
10. Click OK!
11. Commit the changes.
After this is done, every signature in that profile should continue taking the assigned default actions, except for the one you just altered. In this instance, signature 30419 now has an action of ALLOW for any security rules this vulnerability profile is assigned.
Note: Certain vulnerabilities, typically brute-force related, can have their thresholds changed with vulnerability exception:
Note: In the case that you need to collect extended captures in order to report on potential false positives, please follow the article below