Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?
IMAP is the correct answer because, according to the provided screenshot and its configurations, the IMAP protocol has the WildFire Inline ML Action set to 'default (alert)', which means it will generate an alert. Generating an alert will create a Threat log entry, and the allowed exception will permit the traffic. Therefore, IMAP is the protocol decoder that meets all the criteria mentioned in the question.
Answer B. HTTP/2 has allow, which does not create a log entry.
B is the correct answer. According to the screenshot, only imap, pop3 and smtp have a default (alert) action, which generates an alert for each application traffic flow. The alert is saved in the threat log. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles
B: IMAP is the only app in the profile that covers all the requirements of the question.
Why not HTTP? Not too sure how IMAP can be used for machine learning. Action Alert: generates an alert for each application traffic flow. The alert is saved in the threat log.
Is the correct answer