Palo Alto Networks PAN-OS 8.1.x / 9.0.x / 9.1.x / 10.0.x Improper Input Validation

Hi All,

I would like to verify some vulnerability as in PAN OS Advisory for  "Low- PAN-OS 8.1.x / 9.0.x / 9.1.x / 10.0.x Improper Input Validation"

Also there are detected by Nessus scanner for "High- SQLi scanner and low- Auto completion finding".

Is

PoshC2 false positive

Hello,

We are seeing what appears to be false positive detections for the PoshC2C vulnerability signatures that was released recently. Connections going to Google and BBC, is anyone else seeing the same thing here?

URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions (panos-cve-2020- 2035)

while scanning getting this vulnerability. the CVE no is mentioned, it is not helping to close the gap. need your support pls

Virus/Win32.WGeneric.cfzcwn False/Positive?

Received multiple alert for comms between two systems triggered by virus signature ( date of released on 3/3/2022). 

Anyone else received these, is it false/positive?

Name: Virus/Win32.WGeneric.cfzcwn

Unique Threat ID: 468826517

Create Time: 2022-02-03 1

No entry in the User-Agent field in threat logs

Hi All,

We had recently got threat log entries on the PA firewall. While checking the logs the Browser "User-Agent" column in the threat field is empty.

While reading the documentations it is advised that this filed will be populated only for HTTP tr

Block on APP-ID (Apache Log4j )

Hello All,

After a bit of help ...I' have never created a block type rule on a Palo and now my boss wants me to create a .block rule for the above.

We have about 300 policies in the our firewall so no idea how to create a block and apply it .

Can anybod

CVE-2021-44790 & CVE-2021-44224

Hi All

we are using Paloalto firewall 3060 with OS version 8.1.7

is there any updated info regarding this vulnerability CVE-2021-44790 & CVE-2021-44224? Has Paloalto found a way to mitigate this vulnerability?

Please advise

Connection to self.events.data.microsoft.com/OneCollector/1.0/ is flagged as log4j

Hi, anybody knows why connection to self.events.data.microsoft.com/OneCollector/1.0/  is being flagged as log4j by Palo Alto firewall? 

Threat: Apache Log4j Remote Code Execution Vulnerability(92004)

Threat ID: 92004

Threat Category: code-execution

I b

Vulnerability

1. Missing Secure Flag From SSL Cookie.
2. TLS/SSL Server Is Using Commonly Used Prime Numbers.

we need remediation of the vulnerability 

Abnormal SSL traffic on 443

Hello I was looking into an pan threat on the logs I noticed that I Abnormal traffic is being detected  does anyone have any ideas to minimize the threat or Best Practices or more possible features I can add to the Panorama

Thanks  

Block High Risk TLDs

Hi All,

I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully? 

I presume the following should work based on PAN-OS RegEX:

URL Category:

*.eg/

*.ex/

etc....

Set URL Category to 'Block' within exist

Threat Log False Positives

Hi,

In short - I'm looking to a way to identify false positives.

My organisation's anti virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these ar