Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4173 Views
  • 0 replies
  • 0 Likes

AuKill Tool - EDR Killer

What needs to be configured to protect our infrastructure from the new AuKill tool, which is used by ransomware groups? Or is our current Cortex XSIAM version capable of detecting and preventing this? "AuKill to disable Endpoint Detection & Response (EDR) Software on targets' systems before deploying backdoors and ransomware in Bring Your...

Jitu by L0 Member
  • 2701 Views
  • 1 replies
  • 1 Likes

Resolved! Security profiles best practice

Palo Alto has the following security profiles by default (pre-defined): Antivirus - default; Antivirus - default & strict; Vulnerability protection - default & strict. I would like Palo Alto's recommendation on applying the different security profiles. If we are deploying new Palo Alto firewalls in a new environment, I would like to know...

GKumar10 by L0 Member
  • 4524 Views
  • 1 replies
  • 0 Likes

How to access the Salesforce Marketing Cloud through simple-salesforce?

I am implementing a project using simple-salesforce so I can manage and trigger events on Salesforce Marketing Cloud. The problem I have encountered is that the documentation is not explicit about whether I can use simple-salesforce to access the Marketing Cloud endpoints. I've even noticed that the login method in simple-salesforce can't be done by the ...

Resolved! Dynamic IP lists Known malicious Panorama Security rule not populating

I'm running into a problem where the "known malicious IP addresses" dynamic list isn't populating in Panorama when trying to add a security policy based on it, but it is populating when I go to the local firewall and try to find it under the destination address. Has anyone ever run into this issue before?

Sec101 by L4 Transporter
  • 32545 Views
  • 11 replies
  • 0 Likes

What is Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack"

Hi all, I need to know about Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack". I found the firewall dropping traffic and hitting threat ID 40033, but when we did a packet capture of this traffic, the DNS queries for the same source and same destination did not reach 500 times per 60 seconds. Why does Palo drop the query packet? And what's the traffic that h...

Jitaphon by L2 Linker
  • 9672 Views
  • 7 replies
  • 0 Likes

Vulnerability - HSTS header does not contain includeSubDomains

This vulnerability is detected on the GlobalProtect public IP. "HSTS header does not contain includeSubDomains: The HTTP Strict Transport Security (HSTS) header does not contain the includeSubDomains directive. This directive instructs the browser to also enforce the HSTS policy over subdomains of this domain. Expected Headers > strict-transport-sec...

Deepak25 by L3 Networker
  • 17663 Views
  • 10 replies
  • 1 Likes

Threat 576037320

Hi Team, Threat 576037320 was released in one of the recent anti-virus definitions, and we were wondering if we could get some more information as to why the domain "wvtc.com" was flagged as malicious. This domain belongs to one of our customers and we frequently send emails to this domain from one of our services. When the domain was flagged ...

vij by L1 Bithead
  • 1272 Views
  • 0 replies
  • 0 Likes

Resolved! ms-ds-smbv3 - Trojan-Downloader/Win32.guloader.ao

We are receiving a large quantity of logs affecting a limited number of users for this threat ID. Name: Trojan-Downloader/Win32.guloader.ao; Unique Threat ID: 479496371; Create Time: 2022-04-05 09:11:48 (UTC); Threat ID: 2837943; Current Release: 4338 (2023-01-23 UTC); First Release: 4044 (2022-04-05 UTC). We suspect that this is a false positive; is ...

Pan-OS Bug

In preliminary checks we found that all data ports of the backend firewalls were down. We established console access to the BE firewall and found that the firewalls were running in maintenance mode. We managed to reboot the BE firewalls and bring them up at about 7.20pm on 15th March; all services were recovered as well. After the BE firewalls were up and checkin...

BIOC rules (XQL query)

Hello everyone. I need help with BIOC rules. I found a lot of IOC rules from other sources, but I don't know how I can change those IOC rules to BIOC rules. That's a really big problem for me and I can't figure it out. Who can help me with that? Thanks in advance.

Ajhuge by L0 Member
  • 2552 Views
  • 2 replies
  • 0 Likes

SSH Proxy decryption disables vulnerability protection?

Hello everyone, I'm doing some tests with decryption and vulnerability protection. I configured NAT and security policies to permit SSH access to an internal SSH server from the outside, and I attached a vulnerability protection profile to the policy. In the vulnerability protection profile I set an exception to block brute-force login attacks a...

grenzi by L3 Networker
  • 6308 Views
  • 6 replies
  • 0 Likes

Question regarding "reset-both" action

I've been seeing a lot of Code Executions in the Palo Alto threat logs; most of them are not applicable to our servers and had an action of "reset-both". Did the firewall completely block the connection, or did a connection happen but not complete since both server and client got a RST? Also, the same on application-based ones: there are a lot of "Res...

Please share with me an example of a Cortex XDR report

Hello. Some time ago I used Cortex XDR in my company, but the license expired and the management console is blocked. Now I'm trying to decide whether I'll prolong it or not. My admin told me that there is some super cool-looking Cortex XDR report about accidents that no one else has. Can anybody share with me examples of that report? I'm looking for solut...
