Detections
Analytics

6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical/high, and set to default on medium, low, and info

Information

Configure a Vulnerability Protection Profile set to block attacks against any critical or high vulnerabilities, at minimum, and set to default on any medium, low, or informational vulnerabilities. Configuring an alert action for low and informational, instead of default, will produce additional information at the expense of greater log utilization.
 Rationale:
 A Vulnerability Protection Profile helps to protect assets by alerting on, or blocking, network attacks. The default action for attacks against many critical and high vulnerabilities is to only alert on the attack - not to block.

Solution

Navigate to Objects > Security Profiles > Vulnerability Protection.
 Set a Vulnerability Protection Profile to block attacks against any critical or high vulnerabilities (minimum), and to default on attacks against any medium, low, or informational vulnerabilities.

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|8.5, CSCv6|12.4

Plugin: Palo_Alto

Control ID: 817fde003e0e88d76e1439856ee38fbe3e880c60987eea55b78dec6918ec591e