Discussions
Check out LIVEcommunity discussions to find answers, get support, and share knowledge related to Palo Alto Networks tools and products.

Browse the Community

General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

24278 Posts

Custom Signatures

The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.

175 Posts

VirusTotal

Have you encountered a false positive verdict for Palo Alto Networks (Known Signatures) on VirusTotal? Use this forum to submit a verdict change request. Change requests should include the File Hash, Link to VirusTotal report, current VirusTotal verdict, and description.

778 Posts

Network Security

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.

5702 Posts

Cloud Delivered Security Services

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Palo Alto Networks’ Cloud Delivered Security Services.

645 Posts

Secure Access Service Edge

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Access and Prisma SD-WAN.

546 Posts

Cloud Native Application Protection

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Cloud and Cloud Identity Engine discussions.

470 Posts

Security Operations

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

3935 Posts

Activity in Discussions

all incidents are missing

Hi everyone, all incidents from our Cortex XSOAR instance are missing or are not shown, but we don't have any filter. The info is still on the server because we can see all the .db files. We tried to re-index the database, but this didn't solve the issue. Any ideas what might be happening? Thanks

AI Access Security licensing – concurrent users or named users?

Hello everyone, we recently purchased an AI Access Security license for a PA-440 firewall with 100 users. However, the customer has 140 real users in their environment. I would like to understand how the license assignment works: Is the license based on concurrent users? Or is it assigned to the first 100 users that authenticate/connect? Wh...

Question about Wildfire signature updates in Palo Alto Active-Passive mode.

Hi, currently the customer has a configuration where signature updates are performed on the passive device and then synchronized with the active device. In this configuration, is it appropriate to perform signature updates on the active device? Or what are the recommended settings for Palo Alto Active-Passive Mode? Thank you.

Superreader User Privilege Not Available on WF-500 Appliance

When configuring user privilege on the WF-500 appliance, I noticed there is no superreader user privilege. But when I checked the WF-500 appliance configuration documentation, there is a superreader user privilege. I cannot find a similar issue where the superreader user privilege is not available on the WF-500 appliance. Below is the corresponding documenta...

i.rifai by L0 Member
  • 71 Views
  • 0 replies
  • 0 Likes

Asymmetric Routing - Palo Edge Firewall Active/Passive to Nexus Core

We have (2) equal cost L3 links from our Nexus core switches to an upstream Palo edge firewall HA pair, active/passive. On the firewall, this is an aggregation ethernet with layer 3 subinterfaces defined. There is an SVI on each Nexus switch for routing with a layer 2 port-channel to a breakout switch in between the firewall and core, and we ar...

Is User ID Agent 10.2.4 compatible with PAN OS 11.1.13?

I’m planning to upgrade my PA-440 from PAN-OS 10.2.8-h3 to 11.1.13. Based on what I’ve read, PAN-OS 11.1.13 is not compatible with my existing User-ID Agent version 10.2.4. I tried upgrading the User-ID Agent to version 11.0.3, but I encountered an error saying “The RPC server is unavailable.” Previously, there were no issues when using User-ID ...

Cortex XSIAM XQL: How to find incidents where playbook failed / errored?

I’m new to Cortex XSIAM and XQL, and I’m still learning how things work. I need some help with an XQL query. I’m trying to create an XQL query where I can see: Incident ID, Incident name, Playbook execution status (failed / error), Playbook name, Error message or failure reason (if available). I checked the incidents dataset, but I couldn’t f...

R_BhlpMe by L0 Member
  • 252 Views
  • 0 replies
  • 0 Likes

How to Configure XQL to detect logs not reporting rule

I am able to retrieve logs successfully using XQL in Cortex XSIAM. However, I need to configure an analytics rule that triggers when any single expected source stops sending logs (for 10 minutes, 1 hour, 4 hours).
  • Detect when any one host / source stops reporting logs
  • Alert should be raised per missing entity
  • Should work with Scheduled Analyt...

XSIAM Dashboard

Hi, I'm working on creating a dashboard for the concept below. Has anyone already tried this or have any insights they can share?
  • sudden spike for data ingestions
  • Data ingestion exceeded threshold
  • Data source with correlation rules per source

False positive : HelpDesk Viewer

A false positive has been detected for HelpDeskViewer.exe. File Hash: <c08193adcefec15716fb0c76566e834677563636caf65151d7c9447392d28264> Link to VirusTotal report for the file: <https://www.virustotal.com/gui/file/c08193adcefec15716fb0c76566e834677563636caf65151d7c9447392d28264/details> Current VirusTotal Verdict: <Generic.ml&...

PAN-OS 11.1.13 Predefined reports displaying IPv4 addresses in IPv6 format

We have been experiencing an intermittent problem with our nightly predefined reports displaying IPv4 addresses in IPv6 format. An IPv4 address like 192.168.1.1 is being displayed as an IPv6 address like ::0101:a8c0:ffff:0. We are currently running PAN-OS 11.1.13 but we have seen this same behavior under 11.1.12. Behavior like this apparently ha...