https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa-820-threat-license-attack-passed/m-p/308653#M740 <P>Hello Guys,</P><P>&nbsp;</P><P>This is my first post here and I am very sad.</P><P>&nbsp;</P><P>I am big fan of PA and had a couple of implementations with customers but...</P><P>Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.</P><P>&nbsp;</P><P>Customer of mine had some public exposed servers(public services).</P><P>In log files I saw many login attempts and no Brute-force signature engaged.</P><P>Interesting is here in the screenshot.</P><P>1. Vulnerability stopped and than again....login attempt:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="KaloyanKirchev_0-1580376316902.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23747iF3E07461DAD8CE4F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="KaloyanKirchev_0-1580376316902.png" alt="KaloyanKirchev_0-1580376316902.png" /></span></P><P>All internal serves and infrastructure were down and has to be REBUILD from scratch. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>&nbsp;</P><P>PLEASE give advice on how to "fine tune" vulnerability protection to stop these kind and future threats.</P><P>Somewhere I read that brute-force timers/attempts should be managed but I think this is not enough.</P><P>Maybe the login attempts were not the only problem.</P><P>I can show traffic logs for many login attempts BUT No threats.</P><P>&nbsp;</P><P>P.S.: Of course it has Threat License and company DID loose huge amount of money as Monday morning there were no servers.</P><P>&nbsp;</P><P>I would be happy to receive any help.</P><P>&nbsp;</P> Thu, 30 Jan 2020 09:33:41 GMT KaloyanKirchev 2020-01-30T09:33:41Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa-820-threat-license-attack-passed/m-p/308653#M740 <P>Hello Guys,</P><P>&nbsp;</P><P>This is my first post here and I am very sad.</P><P>&nbsp;</P><P>I am big fan of PA and had a couple of implementations with customers but...</P><P>Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.</P><P>&nbsp;</P><P>Customer of mine had some public exposed servers(public services).</P><P>In log files I saw many login attempts and no Brute-force signature engaged.</P><P>Interesting is here in the screenshot.</P><P>1. Vulnerability stopped and than again....login attempt:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="KaloyanKirchev_0-1580376316902.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23747iF3E07461DAD8CE4F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="KaloyanKirchev_0-1580376316902.png" alt="KaloyanKirchev_0-1580376316902.png" /></span></P><P>All internal serves and infrastructure were down and has to be REBUILD from scratch. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>&nbsp;</P><P>PLEASE give advice on how to "fine tune" vulnerability protection to stop these kind and future threats.</P><P>Somewhere I read that brute-force timers/attempts should be managed but I think this is not enough.</P><P>Maybe the login attempts were not the only problem.</P><P>I can show traffic logs for many login attempts BUT No threats.</P><P>&nbsp;</P><P>P.S.: Of course it has Threat License and company DID loose huge amount of money as Monday morning there were no servers.</P><P>&nbsp;</P><P>I would be happy to receive any help.</P><P>&nbsp;</P> Thu, 30 Jan 2020 09:33:41 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa-820-threat-license-attack-passed/m-p/308653#M740 KaloyanKirchev 2020-01-30T09:33:41Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa-820-threat-license-attack-passed/m-p/310604#M757 <P>for critical level threats and specifically for brute force threats I usually set a block-ip action for a good amount of time to discourage hammering internal resources</P> Tue, 11 Feb 2020 14:45:43 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/pa-820-threat-license-attack-passed/m-p/310604#M757 reaper 2020-02-11T14:45:43Z