HIP match log details show broken image under "Severity" for missing patches.

HIP match log details show broken image under "Severity" for missing patches.

11465
Created On 05/07/21 15:41 PM - Last Modified 04/23/24 01:56 AM


Symptom


When navigating to Monitor> HIP match> click on the magnifying glass for 'Log Details', the 'Missing Patches' severity column shows broken images. 

Missing patches on firewall

Environment


  • GlobalProtect
  • PAN-OS 8.1, 9.0, 9.1
  • HIP - missing patches

Cause


The broken images are due to an unsupported severity value on PAN-OS which is "-1". This value means 'unknown' which means the missing patch doesn't specify a severity level. Values such as the severity level are collected by OPSWAT (a third-party security tool used to collect HIP data on client devices).

User-added imageUser-added image

 

Resolution


PAN-OS only supports values 0 through 3, please refer to HIP Objects Patch Management Tab.

 

 Microsoft is using the severity naming: "Low", "Moderate", "Important" and "Critical" per   

               https://technet.microsoft.com/en-us/security/gg309177.aspx

               Severity level is assigned to Security and Critical updates :   Severity Level

               Opswat severity Mappings : 

        
              0 - Low
              1 - Moderate
              2 - Important
              3 - Critical

         

               


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VKhCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language