Details

Set the Applications and Threats Update Schedule to download and install updates at daily or shorter intervals.

Rationale:

New Applications and Threats file versions may be released at any time. With a frequent update schedule, the firewall can ensure threats with new signatures are quickly mitigated, and the latest application signatures are applied.

Solution

Navigate to Device > Dynamic Updates > Application and Threats Update Schedule.

Set Action to ‘Download and Install’.

Set Recurrence to ‘Daily, Hourly or Every 30 Minutes’.

Default Value:
This setting is by default set to Weekly.

References:
Tips for Managing Content Updates – https://live.paloaltonetworks.com/docs/DOC- 1578

PAN-OS Administrator’s Guide 9.0 (English) -Dynamic Content Updates – https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/dynamic-content-updates.html

PAN-OS Administrator’s Guide 9.0 (English) – Install Content Updates – https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/install-content-and-software-updates.html

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2692

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection, System and Information Integrity.This control applies to the following type of system Palo_Alto.

References

• 800-53|SC-7
• 800-53|SI-4
• CSCv6|12
• CSCv6|12.5
• CSCv7|12
• CSCv7|12.9
• CSCv7|12.10

Source

• Tenable.com/audits