Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.
About Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Memory Corruption Exploit

Good day,

 

This may be a silly question we have been getting memory corruption exploit Alerts from a certain endpoint. Client does see them as cause for concern.

On a single end point would it be cause for concern to see multiple memory corruption expl

...

aadamb by L0 Member
  • 3108 Views
  • 0 replies
  • 2 Likes

How to detect domain fronting

Hi,

 

did anyone manage to write a custom signature to detect domain fronting?

PA extracts the Host header, so in theory it should be possible to detect if the Host header is different from the URL?

 

Alternatively, if one could log the Host header one co

...

AndreasB by L2 Linker
  • 8641 Views
  • 2 replies
  • 0 Likes

Unit42 STIX 2.0 feeds

I'm running my own Anomali STAXX server. I'm trying to ingest these Unit 42 feeds.  Do they still exist? The page is still up and I registered and created my API keys. No matter what I try to do, I can't get Anomali STAXX to connect. https://stix2.un

...

ingerl by L0 Member
  • 3293 Views
  • 1 replies
  • 1 Likes

policy, objects and smtp

howdy,

I can not get my head around how to do this.

Allow smtp from a country but block every other service, application.

You can negate countries but not services/applications.

can one do any/any with an exception?

Thank you

PA200-1 by L1 Bithead
  • 2723 Views
  • 3 replies
  • 1 Likes

How to Block RClone

If I search for rclone in the applications on my PAN 3220 w 9.1, I am not spotting "rclone". 
Is there a means of identifying and blocking rclone traffic?

 

https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/

palomed by L3 Networker
  • 2832 Views
  • 0 replies
  • 1 Likes