How to Add Exempt IP Addresses from the Threat Monitor Logs

How to Add Exempt IP Addresses from the Threat Monitor Logs

Created On 09/26/18 21:06 PM - Last Updated 10/16/20 23:26 PM

  • Palo Alto Firewall.
  • Any PAN-OS.
  • Exceptions to threats seen in Threat log 



This document describes the steps to add an Exempt IP address for a specific threat.



  1. Navigate to GUI: Monitor > Logs > Threat
Threat Log
  1.  Hover over the target threat name, a pulldown ▾ icon will show right to the Threat name. Click the ▾ pulldown Icon and select "Exception". This is the threat to which the exempt IP addresses are to be added.
Threat Details
  1. Make sure there is a vulnerability profile associated with a security policy. In this example, the 'test123' vulnerability profile has been applied. At this point, check the box to highlight the profile and add the IP address (as shown in the image below). Click OK.
    Note: The IP address can be the Victim or Attacker (source address or destination address ) as shown in the following logs.
Threat Details
  1. Confirm the updates by going to the vulnerability profile and clicking on the exceptions tab. From there, click on the 'IP Address Exemptions" applet, as shown below, to verify the changes.
Threat ID
  1. After you verified changes and confirmed IP addresses of hosts are entered correctly, click OK, OK, and Commit this change to Firewall. From now on, traffic to hosts behind IP address(es) added to the list of Exempt IP addresses will not trigger this vulnerability in this security rule. Traffic to all other IP addresses, or traffic hitting different security rules, will still trigger vulnerability action as defined in that security policy.

  • Print
  • Copy Link

Choose Language