Unable to add some Threat IDs for Threat Exception under Vulnerability Protection on Prisma Access

Unable to add some Threat IDs for Threat Exception under Vulnerability Protection on Prisma Access

2728
Created On 01/17/24 05:23 AM - Last Modified 06/18/24 07:47 AM


Symptom


Some threat IDs are not visible under Manage > Configuration > NGFW and Prisma Access > Security Services > Vulnerability Protection > Overrides > Add Overrides or under specific profile, Vulnerability Protection Profiles > [profile name] > Overrides > Add Overrides.
image.png

For example,
1) Threat ID 52018
image.png
 
2) Threat ID 425627025
image.png
Compared to threat ID 40025
image.png
 
 
 

Environment


  • Prisma Access Cloud Managed

Cause


Only vulnerability protection signature will be available to be added for threat exception under Manage > Configuration > NGFW and Prisma Access > Security Services > Vulnerability Protection > Overrides or under specific profile, Vulnerability Protection Profiles > [profile name] > Overrides.

Resolution


Add threat exception based on signature types under their respective security services configuration.

To check the signature type of a threat ID, navigate to https://threatvault.paloaltonetworks.com/.

For example:
1) Threat ID 52018 is a file-format signature.
image.png

2) Threat ID 425627025 is an Antivirus and WildFire signature.
image.png

3) Threat ID 40025 is a vulnerability protection signature.
image.png
 
Add the exception for threat ID 425627025 under WildFire & Antivirus and add exception for threat ID 40025 under Vulnerability Protection.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhVkCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail