What are the Unique Threat IDs that map to the different DNS Security Categories?

Created On 02/02/21 22:19 PM - Last Modified 03/09/23 17:00 PM


Question


What are the Unique Threat IDs that map to the different DNS Security Categories?

Environment


  • PAN-OS >= 9.0
  • Valid DNS Security license


Answer


UTID to DNS Security Category mapping

UTID        DNS Security Category
---------   ------------------------------------------------------------
109000001   DGA
109001001   DNS Tunneling
109001002   DNS Tunneling
109001003   DNS Infiltration
109010001   Phishing
109010002   Generic Grayware
109010003   Parked
109010004   Proxy
109010005   Fastflux
109010006   Malicious NRD
109010007   NXNSAttack
109010008   Dangling Domain
109010009   DNS Rebinding
109020001   Newly Registered Domains
109020002   Dynamic DNS
109010004   Real-Time DNS Detection: Proxy
109004000   Real-Time DNS Detection: AdTracking (benign, informational)
109000001   Real-Time DNS Detection: CNAME Cloaking (benign, informational)
109010001   Real-Time DNS Detection: Phishing
109002001   Real-Time DNS Detection: Wildcard Abuse
109002002   Real-Time DNS Detection: Strategically Aged


Additional Information


  • Threat exceptions for DNS Security categories should never be placed on the Universal Threat IDs (UTIDs).
  • Exceptions for DNS Security spyware detections need to be added by FQDN (fully qualified domain name).
 

See Also:

What are the threat IDs 109000001, 109001001 and 109001002? Why different DGA domains[spyware] threat logs have identical threat ID 109000001?
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPd1CAG

