Enhanced auto-remediation

Hi Folks, 

I use that enhanced auto-remediation (https://github.com/PaloAltoNetworks/Prisma-Enhanced-Remediation#getting-started) trying to auto remediate alerts detected in Prisma.
For some reasons some alerts that can not be remediated due to lack of

missing config parts on export

hey, 

I migrated a CP81 config and merged it with the PAN base config. 

In expedition everything looks fine and everyhting is in place where I would expect it. 

when I generate the config for export and download it, I'm missing all interfaces, zo

Issue passing traffic with Global Protect client 5.2.9 or later

Hi,

We have having issues upgrading beyond global protect client 5.2.8. If we upgrade to 5.2.9/5.2.11/6.0.1 we have the following happen on our Windows 10 Enterprise x64 1909 or greater devices. The clients are configured for split tunnel.

1. The VPN

Global protect Two Factor Authentication with FortiAuthenticator

Hello Gents , 

we managed to enable the Two Factor authentication for Global protect with fortiAuthenticator Raduis server .

whats your recommendations to implement this 

SLA changes that are made by field change scripts are getting reverted

Hi, I have a a field trigger script assigned to a status field. When it changes, the script stops an SLA and starts another and these are Time To Assignment and Response SLA respectively. I have one tenant that refuses to keep the changes meaning tha

ACC shows ipv6 addresses in source/destination IP

Hello, I have a PA-220 with PANOS 10.1.3 installed. I see IPv6 addresses in source/destination IP widget. It started from 10.1.x version

does anybody has the same issue?

Query Share: XDR/PAN-OS URL Category Stitched Correlation Alert

Wanted to share a useful XQL query we have setup as a correlation rule in case anyone else finds it beneficial. This query requires that you have PAN-OS firewall URL logs available within XDR datasets, for example being sent to Cortex Data Lake. The

XQL - Hunting Renamed LOLBINs Process Execution

Reason for Query:

LOLBINs are used quite extensively in attacks, in some cases LOLBINs are renamed and then used to bypass behavior based detection rules. Hence, the query is built to hunt for renamed process execution eg; cmd.exe renamed to xyz.exe a

Sofware Upgrade broken? "An active license is required for this feature"

I have a bunch of PA440s and some of them cannot be upgraded as I keep getting an "An active license is required for this feature" message when clicking on Check Now under Device > Software. Device is correctly licensed and activated on the support p

Staged upgrade for GlobalProtect App

Hi

We are trying to stage the GlobalProtect app upgrade

We have the DEFAULT policy for GlobalProtect configured to Disallow upgrade and now we created a Test-Pilot policy with Allow Transparent, select few test users and move the new policy on top of t

HA pair, first unit has no issue getting licenses, second one "failed to fetch licenses. failed to get license info."

We're trying to bring up these units, two PA-440's.

They are in an HA pair, both tied to the same management switch, and both can ping/trace to updates.paloaltonetworks.com as described in this article: https://knowledgebase.paloaltonetworks.com/KCSA

Automating certificate import into Panorama (not a template)

I have importing a certificate into a template working:

curl -s -i -k -F -F "file=@{{cert_path}}" -X POST "https://panorama/?key={{api_key}}&type=import&category=keypair&certificate-name=letsencrypt_cert&format=pkcs12&passphrase={{password}}&target-tp

What a difference a Deny makes

I had an interesting discussion with @soporteseguridad the other day where we tried to figure out some unexpected packets he was seeing on his external router.

The security policy was set to block all SMB packets, based on their service port, rather

UI issues in PAN OS 10.1.5-h1

 Hi All,

I seem to have run into some minor UI bugs in PAN OS 10.1.5-h1:

1. When you open a security policy rule, the tags section is squashed and you cant re-size it or click the drop down (see below)

2. When you click on the contextual help in the W