A bit of a tricky one, because the oldest is at the bottom and the newest at the top.
The question doesn't specify whether the first or last submitted was allowed, or why:
the first because of an "alert",
the last because of an "allow".
It would appear that the Action on the rule has been changed from alert to allow. It's the same rule for all of the submissions, same UUID. It can't have two actions, so it's been changed since the first two submissions.
If this was current it would be "allow".
That's my logic for answer B anyway.
Answer is B. The submission logs include details about a given sample, including the following information: 1) The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware. 2) The Action column indicates whether the firewall allowed or blocked the sample. 3) The Severity column indicates how much of a threat a sample poses to an organization using the following values: critical, high, medium, low, and informational. The values for the severity levels are determined by a combination of verdict and action values. For example, High is a result of a malicious sample with the action set to allow.
Also going with B; the link below somewhat explains it:
https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/wildfire-not-blocking-file-with-malicious-verdict/td-p/203905
B)
The Verdict column indicates whether the sample is benign, malicious, phishing, or grayware.
The Action column indicates whether the firewall allowed or blocked the sample.
I presume it is C, because the verdict is still malicious.
WildFire Submission [Logs] verdict is "malicious" and traffic is "allowed", while configured action is "blocked". See TAKUM1y link.
Answer is B.
"The Action column indicates whether the firewall allowed or blocked the sample."
https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/view-wildfire-logs-and-analysis-reports#idc0fcf921-6745-4e38-8599-f8d9b5f88c58
Answer is B.
With the WildFire subscription you can have Inline Machine Learning for further analysis of the threat samples, and the time for getting a verdict of the sample is within the same day but between 10 to 15 min. With no license, you can still get the verdict but within 24 hrs. However, the verdict of WildFire is independent of the action of the security rule. If it is set to alert or allow, it will allow the traffic even if the verdict is malicious, because that is not an instant process (which means in real-time the traffic won't get blocked). Now, this is a nasty question because the columns have file and wildfire; for the wildfire rows, we have allow as an action, and "allow" doesn't log any of the traffic but alert does. I'll stick with B.