https://live.paloaltonetworks.com/t5/general-topics/detecting-or-hunting-for-cve-2025-0108/m-p/1222493#M123519 <P>Hello Folks,</P> <P>&nbsp;</P> <P>I am looking for a ways to detect the attempt for this vulnerability through SIEM. Based on the blogs available the vulnerability can be exploited by accessing URL with "unauth" on management interface. So I am thinking to look for web interface access logs with keyword "unauth". However, I would like your help to get below details.</P> <P>&nbsp;</P> <P>1. Which log will provide management IP address?</P> <P>2. Whenever a user accesses the management IP through web, which type of logs will provides access log? (traffic, config, system etc.)</P> <P>3. Which type of log will give full URL when user access web interface.</P> <P>&nbsp;</P> <P>Feel free to guide my any resource that provide this information.</P> <P>&nbsp;</P> <P>Thanks in advance.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ameer Mane</P> Tue, 04 Mar 2025 04:52:17 GMT ameermane 2025-03-04T04:52:17Z https://live.paloaltonetworks.com/t5/general-topics/detecting-or-hunting-for-cve-2025-0108/m-p/1222493#M123519 <P>Hello Folks,</P> <P>&nbsp;</P> <P>I am looking for a ways to detect the attempt for this vulnerability through SIEM. Based on the blogs available the vulnerability can be exploited by accessing URL with "unauth" on management interface. So I am thinking to look for web interface access logs with keyword "unauth". However, I would like your help to get below details.</P> <P>&nbsp;</P> <P>1. Which log will provide management IP address?</P> <P>2. Whenever a user accesses the management IP through web, which type of logs will provides access log? (traffic, config, system etc.)</P> <P>3. Which type of log will give full URL when user access web interface.</P> <P>&nbsp;</P> <P>Feel free to guide my any resource that provide this information.</P> <P>&nbsp;</P> <P>Thanks in advance.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ameer Mane</P> Tue, 04 Mar 2025 04:52:17 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-or-hunting-for-cve-2025-0108/m-p/1222493#M123519 ameermane 2025-03-04T04:52:17Z https://live.paloaltonetworks.com/t5/general-topics/detecting-or-hunting-for-cve-2025-0108/m-p/1222833#M123520 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/577013101">@ameermane</a>&nbsp;,</P> <P>&nbsp;</P> <P>You can check the system logs and query for ( eventid eq 'auth-fail' ) or for all logs related to auth ( subtype eq 'auth' )</P> Thu, 06 Mar 2025 03:55:00 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-or-hunting-for-cve-2025-0108/m-p/1222833#M123520 JayGolf 2025-03-06T03:55:00Z