Searching Threat IDs, Signatures and other Indicators on Threat Vault
Objective
Research the latest threats (vulnerabilities/exploits, viruses, and spyware) that Palo Alto Networks next-generation firewalls can detect and prevent.
Note: You need a valid support account.
Environment
- ThreatVault
Procedure
You can search Threat Vault for most types of indicators. To start, navigate to Threat Vault at https://threatvault.paloaltonetworks.com/
You can also search by indicators such as hash, CVE number, signature ID, and domain name.
Threat Vault contains the following information:
- Anti-spyware Signatures
- Antivirus Signatures
- DNS Signatures
- File-format signatures
- IP Feed
- PAN-DB URL Classifications
- Vulnerability Protection Signatures
- WildFire Signatures
Threat Vault also has an API. The Threat Vault API gives Palo Alto Networks customers with an active Advanced Threat Prevention or Threat Prevention subscription programmatic, RESTful access to threat signature metadata and other pertinent information that is only available in Threat Vault.
Before using the Threat Vault API, refer to the Cloud-Delivered Security Services API Developer's docs for more information about using the API, including authentication details, access limits, and examples.
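When a report or alert export mixes hashes, CVE numbers, signature IDs and domain names, it helps to sort them by search type before looking each one up. The following is an added example, not Palo Alto Networks code, and it does not contact Threat Vault. The function names and type labels are hypothetical, the sample values are constructed, and treating a bare decimal number as a signature ID is an assumption.

```python
import re

# Hex digest lengths of the common hash algorithms.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample input, not taken from any real report.
SAMPLE = ["cve-0000-0000", "12345", "0123456789abcdef0123456789ABCDEF",
          "hxxp://bad.example[.]com/payload", "bad.example.com",
          "not an indicator"]

def refang(value):
    """Undo common defanging (example[.]com, hxxp://) used in reports."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)

def classify(raw):
    """Return (search_type, normalized_value) for one indicator string."""
    value = refang(raw)
    if CVE_RE.match(value):
        return "cve", value.upper()
    # Check hash lengths first so an all-digit digest is not read as an ID.
    if HEX_RE.match(value) and len(value) in HASH_LENGTHS:
        return "hash_" + HASH_LENGTHS[len(value)], value.lower()
    if value.isascii() and value.isdigit():
        # Assumption: a bare decimal number is a signature ID.
        return "signature_id", value
    # Reduce a URL to its host name before the domain check.
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value.lower())
    host = host.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    if DOMAIN_RE.match(host):
        return "domain", host
    return "unknown", value

def group_indicators(lines):
    """Group indicators by search type, dropping blanks and duplicates."""
    groups = {}
    for line in lines:
        if line.strip():
            kind, value = classify(line)
            if value not in groups.setdefault(kind, []):
                groups[kind].append(value)
    return groups

if __name__ == "__main__":
    print(group_indicators(SAMPLE))
```

Anything that lands in the "unknown" group should be reviewed by hand rather than searched as-is.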
Additional Information
- Video Tutorial: In-Depth Look at Threat Vault
- Tips & Tricks: How to Use the Threat Database and Search for CVE Numbers
- What is the meaning of "Current Release: n/a" on ThreatVault?
- Why is the Threat ID/Current Release For DNS Signature Showing up as 'n/a' for DNS Signatures in ThreatVault?
- Threat Vault API