Palo Alto Networks Knowledgebase: How to Add Exempt IP Addresses from the Threat Monitor Logs

Created On 09/26/18 21:06 PM - Last Updated 09/26/18 21:10 PM
Categories:  Threat Intelligence,  Threat Prevention

Solution:


Overview

This document describes the steps to add an Exempt IP address for a specific threat.

 

Steps

  1. Navigate to Monitor > Logs > Threat

  2. Click on the target threat name. This is the threat for which the exempt IP addresses are to be added.
  3. Make sure there is a vulnerability profile associated with a security policy. In this example, the 'test123' vulnerability profile has been applied. At this point, check the box to highlight the profile and add the IP address. Click OK.
    Note: The IP address can be that of the Victim or the Attacker (source address or destination address).

  4. Confirm the updates by going to the vulnerability profile and clicking the Exceptions tab. From there, click the 'IP Address Exemptions' applet to verify the changes.

  5. After you have verified the changes and confirmed that the IP addresses of the hosts are entered correctly, click OK, then OK again, and commit the change to the firewall. From now on, traffic to hosts behind the IP address(es) on the Exempt IP list will not trigger this vulnerability in this security rule. Traffic to all other IP addresses, or traffic hitting a different security rule, will still trigger the vulnerability action defined in that security policy.
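The verification in steps 4 and 5 can also be run against an exported configuration, which helps when exemptions are reviewed periodically. The script below is an added example, not Palo Alto Networks code: the XML element layout (`threat-exception`, `exempt-ip`) is an assumption to confirm against your own export, and the threat IDs and addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample shaped like an exported configuration fragment.
# The element layout is an assumption; threat IDs and addresses are made up.
SAMPLE_CONFIG = """
<profiles>
  <vulnerability>
    <entry name="test123">
      <threat-exception>
        <entry name="99001">
          <exempt-ip>
            <entry name="192.0.2.10"/>
            <entry name="198.51.100.7"/>
          </exempt-ip>
        </entry>
        <entry name="99002"/>
      </threat-exception>
    </entry>
  </vulnerability>
</profiles>
"""

def list_exempt_ips(config_xml):
    """Return sorted (profile, threat_id, ip) tuples for every IP exemption."""
    root = ET.fromstring(config_xml)
    found = []
    for vuln in root.iter("vulnerability"):
        for prof in vuln.findall("entry"):
            for exc in prof.findall("threat-exception/entry"):
                for ip in exc.findall("exempt-ip/entry"):
                    found.append((prof.get("name"), exc.get("name"), ip.get("name")))
    return sorted(found)

def check_expected(config_xml, profile, threat_id, expected_ips):
    """Compare configured exemptions with the intended list.
    Returns (missing, unexpected); raises ValueError on a mistyped address."""
    norm = lambda s: str(ipaddress.ip_address(s.strip()))
    configured = {norm(ip) for p, t, ip in list_exempt_ips(config_xml)
                  if p == profile and t == threat_id}
    wanted = {norm(ip) for ip in expected_ips}
    return wanted - configured, configured - wanted

if __name__ == "__main__":
    for row in list_exempt_ips(SAMPLE_CONFIG):
        print(*row)
    print(check_expected(SAMPLE_CONFIG, "test123", "99001", ["192.0.2.10"]))
```

An address in the "unexpected" set is an exemption nobody asked for, which means the threat signature is silently not enforced for that host.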
