https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310586#M80428 <P>Could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to JawinaBug at all</P><P>What triggers this signature, what are the IOCs?, Please help</P><P>I have seen this signature triggering in internal communication with SQL server.&nbsp;</P><P>All I know so far is that the signature is fairly new and by default action of the firewall is reset both connections</P> Tue, 11 Feb 2020 13:19:24 GMT Lalitb 2020-02-11T13:19:24Z https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310586#M80428 <P>Could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to could you guys please throw some light on "JawinaBug Command and Control Traffic Detection(85599)", there is no information related to JawinaBug at all</P><P>What triggers this signature, what are the IOCs?, Please help</P><P>I have seen this signature triggering in internal communication with SQL server.&nbsp;</P><P>All I know so far is that the signature is fairly new and by default action of the firewall is reset both connections</P> Tue, 11 Feb 2020 13:19:24 GMT https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310586#M80428 Lalitb 2020-02-11T13:19:24Z https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310613#M80437 <P>if you enable extended threat pcap, you can see what triggered the signature</P> Tue, 11 Feb 2020 15:19:36 GMT https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310613#M80437 reaper 2020-02-11T15:19:36Z https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310723#M80458 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/132869">@Lalitb</a> ,</P> <P>&nbsp;</P> <P>To add to reaper's comment... you enable the extended_pcap in the vulnerability profile:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="extended_pcap.jpg" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23913iCD77C4EA777242A5/image-size/medium?v=v2&amp;px=400" role="button" title="extended_pcap.jpg" alt="extended_pcap.jpg" /></span></P> <P>&nbsp;</P> <P>You can edit the length of the extended_pcap as well :</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Extended PCAP Length" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/23914i79566CF6995F29E3/image-size/medium?v=v2&amp;px=400" role="button" title="extended_length.jpg" alt="Extended PCAP Length" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Extended PCAP Length</span></span></P> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kiwi.</P> Wed, 12 Feb 2020 07:55:42 GMT https://live.paloaltonetworks.com/t5/general-topics/jawinabug-command-and-control-traffic-detection-85599/m-p/310723#M80458 kiwi 2020-02-12T07:55:42Z