STIGQter: STIG Summary: Palo Alto Networks IDPS Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform must automatically install updates to signature definitions, detection heuristics, and vendor-provided rules.

DISA Rule

SV-207697r557390_rule

Vulnerability Number

V-207697

Group Title

SRG-NET-000251-IDPS-00178

Rule Version

PANW-IP-000029

Severity

CAT II

CCI(s)

• CCI-001247 - The information system automatically updates malicious code protection mechanisms.

Weight

10

Fix Recommendation

Go to Device >> Dynamic Updates
Select "Check Now" at the bottom of the page to retrieve the latest signatures.
To schedule automatic signature updates.
Note: the steps provided below do not account for local change management policies.

Go to Device >> Dynamic Updates
Select the text to the right of "Schedule".
In the "Applications and Threat Updates Schedule" Window; complete the required information.
In the "Recurrence" field, select "Daily".
In the "Time" field, enter the time at which you want the device to check for updates.
For the "Action", select "Download and Install".
Select "OK".
Commit changes by selecting "Commit" in the upper-right corner of the screen. Select "OK" when the confirmation dialog appears.

Check Contents

To verify that automatic updates are configured:
Go to Device >> Dynamic Updates

If no entries for "Applications and Threats" are present, this is a finding.

If the "Applications and Threats" entry states "Download Only", this is a finding.

Vulnerability Number

V-207697

Documentable

False

Rule Version

PANW-IP-000029

Severity Override Guidance

To verify that automatic updates are configured:
Go to Device >> Dynamic Updates

If no entries for "Applications and Threats" are present, this is a finding.

If the "Applications and Threats" entry states "Download Only", this is a finding.

Check Content Reference

M

Target Key

2927

Comments