Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

More PA region incorrect results

Seems like the region database was updated and has broken US addresses again. Trying to check a site URL against the PA database at https://urlfiltering.paloaltonetworks.com/ and unable to get there from my corporate network... urlfiltering.paloaltonetworks.com - 65.154.226.128 - PA logs: Denied, dest region Italy. A bit of checking 'show locati...

Is the Applications and Threats Content updated about CVE-2022-26134 (Remote Code Execution Vulnerability in Atlassian Confluence)?

Hello. I would like to know whether information about the recently announced vulnerability, CVE-2022-26134 (remote code execution vulnerability in Atlassian Confluence), is reflected in Applications and Threats Content. I have read all the available release notes, but there is no information about the vulnerability. I would appreciate it if you cou...

Resolved! HTTP Unauthorized Brute Force Attack - ID 40031

Hello all, I've been receiving these vulnerability alerts, ID 40031, for some time now between two servers (DMZ to inside), using port 80 (SOAP), and the severity level is high, but I have the action set to "alert", which is the default. I truly do not know what account is trying to use this vulnerability. In the details report it shows the "desti...

roma by L2 Linker
  • 29714 Views
  • 5 replies
  • 0 Likes

Country Block and security policy ordering

We are currently setting up policies to block all traffic to/from all countries except a select few. The rules are in place and seem to be working well. As a best practice, do you create a deny rule for all other out-of-country traffic, or do you just let the interzone-default rule catch the rest? If you do create a rule, is it best practice to keep def...

RussMc by L1 Bithead
  • 2202 Views
  • 1 reply
  • 0 Likes

Memory Corruption Exploit

Good day. This may be a silly question; we have been getting memory corruption exploit alerts from a certain endpoint. Client does see them as cause for concern. On a single endpoint, would it be cause for concern to see multiple memory corruption exploits coming from different executables (e.g. iexplore.exe, WmiPrvSE.exe, etc. {both signed by m...

aadamb by L0 Member
  • 3542 Views
  • 0 replies
  • 2 Likes

How to detect domain fronting

Hi, did anyone manage to write a custom signature to detect domain fronting? PA extracts the Host header, so in theory it should be possible to detect if the Host header is different from the URL? Alternatively, if one could log the Host header, one could develop external detection logic in a SIEM. Regards, Andreas

AndreasB by L2 Linker
  • 9278 Views
  • 2 replies
  • 0 Likes

Unit42 STIX 2.0 feeds

I'm running my own Anomali STAXX server. I'm trying to ingest these Unit 42 feeds. Do they still exist? The page is still up and I registered and created my API keys. No matter what I try to do, I can't get Anomali STAXX to connect. https://stix2.unit42.org/ The only idea I have left is that maybe Palo stopped offering it when they switched to...

ingerl by L0 Member
  • 3767 Views
  • 1 reply
  • 1 Like

ThreatID 81845 - Generic PHP Webshell File Detection false positives

Anyone else seeing a large number of threat alerts this morning for the new generic signatures added last night? Seeing dozens this morning coming from user document downloads from a trusted financial source. I haven't fully decrypted the data yet, but appears to be false positives. Anyone know exactly what all these new critical threat signatur...

Uptick in Solarwinds exploit domain flagging

Starting early Saturday morning (4/23) we started getting a large number of DNS threat alerts for 3 domains associated with the Solarwinds exploit. These domains are now resolving to multiple Leaseweb IPs (as I recall, they were NX previously). Digging through the Threat & Vulnerability database, these 3 domains are still flagged, but the other...

  • 545 Posts
  • 78 Subscriptions