How to find the Threat ID when it is not searchable from threat exception tab

How to find the Threat ID when it is not searchable from threat exception tab

41595
Created On 04/01/20 01:40 AM - Last Modified 10/15/24 13:02 PM


Objective


How to find the information when a threat ID is not searchable in the threat exception UI tab. 

Environment


  • All PAN-OS.
  • Palo Alto Firewall.
  • Threat license is enabled.

Procedure


1. If a signature has been disabled, you will not be able to find the signature by threat ID via the firewall's GUI.

  • For example, threat ID 57775 can't be found through the firewall's UI as follows. 
  • In this situation, check the threat ID using the CLI.
admin@PA.VM> show threat id 57775

Microsoft Windows SMB is prone to a remote code execution vulnerability while parsing certain crafted SMB requests. 
The vulnerability is due to the lack of proper checks on SMB requests, leading to an exploitable remote code execution vulnerability.
An attacker could exploit the vulnerability by sending a crafted SMB request. A successful attack could lead to remote code execution with the privileges of the server.

critical
Unknown
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0796
CVE-2020-0796
2. Another way to check the status is by using our Threat Vault link and searching for the threat ID: https://threatvault.paloaltonetworks.com/.
User-added image
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPOGCA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language