What are the Unique Threat IDs that map to the different DNS Security Categories?

Created On 02/02/21 22:19 PM - Last Modified 06/11/25 07:28 AM


Question


What are the Unique Threat IDs that map to the different DNS Security Categories?

Environment


  • PAN-OS >= 9.0
  • Valid DNS Security license


Answer


UTID to DNS Security Category mapping

UTID        DNS Security Category
---------   ---------------------------
109000001   DGA Domain
109001001   DNS Tunneling Domain
109001002   DNS Tunneling Domain
109001003   DNS Infiltration Domain
109002001   Wildcard Abuse Domain
109002002   Strategically Aged Domain
109002003   Squatting Domain
109002004   Subdomain Reputation Domain
109002005   Stockpile Domain
109002006   Domain Masquerading Domain
109003001   Compromised DNS Domain
109003002   Ransomware
109003003   Malicious TDS Domain
109003004   Compromised Website Domain
109004000   AdTracking Domain
109004001   CNAME Cloaking Domain
109004100   Hijacking Domain
109004200   Zone Misconfig Domain
109004201   Misconfig Dangling Domain
109004202   Claimable NX Domain
109010001   Phishing Domain
109010002   Generic Grayware Domain
109010003   Parked Domain
109010004   Proxy Domain
109010005   Fastflux Domain
109010006   Malicious NRD Domain
109010007   NXNSAttack Domain
109010008   Dangling Domain
109010009   DNS Rebinding Domain
109010010   DNS Profiling
109020001   Newly Registered Domains
109020002   Dynamic DNS Domain



Additional Information


  • Threat Exceptions for DNS Security Categories should never be placed on the Universal Threat IDs (UTIDs).
  • Exceptions for DNS Security spyware detections need to be added by FQDN (fully qualified domain name).

 
