Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Block High Risk TLDs

Hi All,

I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully?

I presume the following should work based on PAN-OS RegEX:

URL Category:

*.eg/

*.ex/

etc....

Set URL Category to 'Block' within exist

...

Josh990 by L2 Linker
  • 5175 Views
  • 3 replies
  • 0 Likes

Threat Log False Positives

Hi,

In short - I'm looking for a way to identify false positives.

My organisation's anti virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these ar

...

ShaneMcG by L0 Member
  • 6929 Views
  • 3 replies
  • 0 Likes

Minemeld & Log4j

Hello

Is Minemeld affected by Log4j?

I see Palo's Security Advisories about Log4j (https://security.paloaltonetworks.com/CVE-2021-44228) - but there is no Minemeld in it.

Is anybody out there, who can answer this?

thanks

roger

Resolved! Palo Alto Firewall Actions

Hi folks, I am not very familiar with Palo Alto logs, as we're getting logs in the SIEM console in which the event name is URL filtering and the action for this event is allow, so can someone please shed some light on this issue?

simr12 by L1 Bithead
  • 6848 Views
  • 5 replies
  • 0 Likes

Host Sweep

Our Zone Protection | Host Sweep configuration was blocking Internet connections on some local hosts due to the enabled "News and Interests" Windows 10 Toolbar. I hope this helps with troubleshooting.

tdevic by L0 Member
  • 3489 Views
  • 2 replies
  • 0 Likes

URL Blocking not working

Hello

Can anyone explain why this doesn't work?

I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list.

If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well.

...

  • 541 Posts
  • 75 Subscriptions