November 21, 2021 by Admin
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
- Create a custom spyware signature matching the known signature with the time attribute
- Add a correlation object that tracks the occurrences and triggers above the desired threshold
- Submit a request to Palo Alto Networks to change the behavior at the next update
- Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency