https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536868#M110269 <P>May I know why no file name display in threat log which action is alert.</P> <P>&nbsp;</P> <P>Please see attached the photo.?</P> <P>&nbsp;</P> Wed, 29 Mar 2023 06:39:41 GMT WingMak 2023-03-29T06:39:41Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536868#M110269 <P>May I know why no file name display in threat log which action is alert.</P> <P>&nbsp;</P> <P>Please see attached the photo.?</P> <P>&nbsp;</P> Wed, 29 Mar 2023 06:39:41 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536868#M110269 WingMak 2023-03-29T06:39:41Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536870#M110270 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="123.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49087i9B38011F7401FBDA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="123.jpg" alt="123.jpg" /></span></P> Wed, 29 Mar 2023 06:40:38 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536870#M110270 WingMak 2023-03-29T06:40:38Z https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536933#M110281 <P>It appears to be because there is no associated filename, the vulnerability alert is for a FTP login attempt (not necessarily a successful login). Vulnerability threat IDs 58203 and 58216-58242 are for:</P> <P class="lia-align-left lia-indent-padding-left-30px"><EM>A FTP login attempt from a device was detected with a compromised password.&nbsp;<SPAN>A compromised password is a user credential that has been previously stolen, collected and used for unauthorized logins with an intention to perform a malicious act.</SPAN></EM></P> <P class="lia-align-left">&nbsp;</P> <P class="lia-align-left">So the PaloAlto detected an attempt to log into a FTP server with a known compromised password and alerted (the exact passwords and criteria are not listed in the vulnerability, but I would guess it detected a known hardcoded backdoor password). As it was in the authentication stage of the FTP connection, there is no file name yet.</P> Wed, 29 Mar 2023 15:43:49 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-log-issue/m-p/536933#M110281 Adrian_Jensen 2023-03-29T15:43:49Z