Detections
Analytics

6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities

Information

Configure a Vulnerability Protection Profile set to block attacks against any critical or high vulnerabilities, at minimum, and set to default on any medium, low, or informational vulnerabilities. Configuring an alert action for low and informational, instead of default, will produce additional information at the expense of greater log utilization.

Rationale:

A Vulnerability Protection Profile helps to protect assets by alerting on, or blocking, network attacks. The default action for attacks against many critical and high vulnerabilities is to only alert on the attack - not to block.

Impact:

Not configuring a Vulnerability Protection Profile means that network attacks will not be logged, alerted on or blocked.

Solution

Navigate to Objects > Security Profiles > Vulnerability Protection.
Set a Vulnerability Protection Profile to block attacks against any critical or high vulnerabilities (minimum), and to default on attacks against any medium, low, or informational vulnerabilities.

Default Value:

Two Vulnerability Protection Profiles are configured by default - 'strict' and 'default'.

See Also

https://workbench.cisecurity.org/benchmarks/13160

Item Details

Category: RISK ASSESSMENT

References: 800-53|RA-5, CSCv7|12.7

Plugin: Palo_Alto

Control ID: a832a6951202cc98a38d726260f20aa7b8bc0f63ddde16dfcf3745a955266a41