Threat exception using CLI for DNS Security, results show ID 0, unknown-signature and unknown-fqdn in UI
Created On 11/10/20 21:55 PM - Last Modified 11/18/21 10:30 AM
Symptom
- Go to GUI: Objects > Security Profiles > Anti-Spyware > (select the configured spyware profile) > DNS Signatures > Exceptions.
- Enter a valid DNS signature in the Search field.
- CLI incorrectly displays ID of 0, with Name as Unknown-Signature and FQDN as Unknown-fqdn (displayed below)
Environment
- PAN-OS 9.0 or 9.1
- Palo Alto Firewall.
- Anti-Spyware DNS signature exceptions.
Cause
A timeout with our ThreatVault when searching for the signature causes the above issue.
Resolution
- The simplest and most direct solution is to search again; sometimes multiple searches and requests eventually lead to the signature being found.
- If the above doesn't work, enter the threat name. If that doesn't work either, you can enter the Threat ID through the CLI after entering configure mode:
> configure
# set profiles spyware "Name of Anti-Spyware Profile" botnet-domains threat-exception <IDnumber_of_the_unique_threat_ID>
# commit
# exit
Press the Tab key after "set profiles spyware" to list the available Anti-Spyware profiles.