How to Look Up a Threat When the Threat ID Cannot Be Searched from the Threat Exceptions Tab
Created On 04/01/20 01:40 AM - Last Modified 10/15/24 13:02 PM
Objective
How to find information about a threat when it cannot be searched by threat ID in the Exceptions tab of the UI.
Environment
- All PAN-OS versions.
- Palo Alto Firewall.
- Threat license enabled.
Procedure
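1. If a signature is disabled, it cannot be found by threat ID in the GUI.
- For example, threat ID 57775 cannot be found by ID through the UI.
- In this case, check the threat ID using the CLI.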
admin@PA.VM> show threat id 57775
Microsoft Windows SMB is prone to a remote code execution vulnerability while parsing certain crafted SMB requests.
The vulnerability is due to the lack of proper checks on SMB requests, leading to an exploitable remote code execution vulnerability.
An attacker could exploit the vulnerability by sending a crafted SMB request. A successful attack could lead to remote code execution with the privileges of the server.
critical
Unknown
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0796
CVE-2020-0796
2. Another way to check the status is to use Threat Vault at https://threatvault.paloaltonetworks.com/.