Suspicious Remote domain account enumeration : XDR

Hello All,
We have received an alert from our XDR Platform regarding Suspicious Remote domain account enumeration : XDR , where we see the Src IP belong to Internal and the process involved is "lsass.exe" and Src Host Name being the one which is not a

Can I use a single license for Url Filtering in HA mode for palo's

Hi guys & Gals,

Thanks in advance for looking at my query.

You probably did it. or is paying for both licenses. 

The Ask is can I use a single license for URL filtering or Advance in a HA setup between two Palo's

if not; then Why Not.

SSH Brute Force

Client connects to FTP server via SSH and starts downloading. After a while, connection stops. I see in the logs that there a multiple SSH login attempts and finally SSH Brute Force with reset-both action. 

What would be the reason?

Can you setup a failure grace period for CI image scans based on first found date

I'm looking for a way to set a failure grace period for CI image scans based on the first found date. I see in the rulesets you can set a failure grace period based on the first fix date. 

For example, if we were to set an expectation that any high

CVE-2023-50164 Apache Struts Vulnerability

Hi I would like to enquire if any Palo Alto products are affected by the above vulnerability. 

Thanks. 

Suspicious User-Agent Strings

Hi All,

I have noticed a log from our Palo Alto vulnerability report that looks suspicious yet I am unaware of it.

There is a threat "Suspicious User-Agent Strings" detected under the "spyware" category and "HTTP-proxy" application from Globalprote

Text injection issue on firewall

Dear Team ,

We have a customer he is facing issue with , Text injection is enabled on firewall portal web application.

We noticed a problem with the Palo Alto web portal is getting affected by text injection during the security audit. We must mitig

Binary file execution error while installating Cortex XDR in amazon linux

Using below user data script in aws ec2 instance i tried to install cortex xdr agent. During this process when i look into the system log i had found an error ./setup.sh: line 731: /opt/traps/bin/cytool: cannot execute binary file. Please let me know

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that loo

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello,

While doing testing around our security controls, we did intentionally try to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download, however though Palo did alert with multiple threat names starting with "Hac

Network

Hi Team,

We have a customer he is facing issue with, Sliver Framework Command and Control Traffic Detection - ThreatID 86680.

He is getting below sync error,

URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji 

I have gone through the below art