A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?

November 21, 2021 by Admin

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

How is this goal accomplished?

  • Create a custom spyware signature matching the known signature with the time attribute
  • Add a correlation object that tracks the occurrences and triggers above the desired threshold
  • Submit a request to Palo Alto Networks to change the behavior at the next update
  • Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Leave a Reply