date 2021-12-31

Behavioral Alert from Vulnerability Scanner - How to Allow Scans WITHOUT alerts from IP address?

We use an on-site vulnerability scanner that started triggering behavioral alerts on Cortex endpoints on Monday. These scans were disabled since they were very disruptive with some endpoints just reporting the issue and others blocking the scan. All endpoints received the pop-up alerting them to danger. These scans have been running since before we adopted Cortex and I am going to guess that an update from the scanning vendor added a detection for something new that triggers this alert since Palo updates come out on Wednesday. The behavior alert references "heuristic.b.205", but I am not sure where you find out more info about what that means. I can see the IP address in the alert that shows what system (i.e. the vulnerability scanner) initiated the string of events that triggered the alert.
