What is the meaning of status in IP Feed on ThreatVault?

Created On 03/01/23 11:56 AM - Last Modified 07/24/24 17:37 PM


Symptom


The IP Feed in ThreatVault shows different statuses for IPs, such as N/A, Released, and Disabled.

Note: IP Feed refers to the cloud master list that feeds into multiple PAN services such as Advanced URL Filtering. IP Feed is not the same as PAN-OS EDL. The predefined PAN-OS EDLs are a subset of the master IP Feed.
 


 


Environment


  • Palo Alto firewalls.
  • ThreatVault IP query.


Resolution


  • The status Released means that the IP is a part of our IP feeds.
  • The status N/A means that the IP is not a part of our Malicious IP feeds, i.e., it has not been released into the feed.
  • The status Disabled means that the IP was once a part of the feed and has been removed from it.

Note: The category assigned to the IP, malicious or not, does not depend on the IP feed itself.


Additional Information


Also refer to the following article for the signature status itself:
What is the meaning of "Current Release: n/a" on ThreatVault?
 

