Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Minemeld & Log4j

Hello

Is Minemeld affected by Log4j?

I see Palo's Security Advisories about Log4j (https://security.paloaltonetworks.com/CVE-2021-44228) - but there is no Minemeld in it.

Is anybody out there, who can answer this?

thanks

roger

Pros & Cons to Blocking Java Files, and Which Ones to Block

Hey guys,

I've inherited a ruleset that is blocking Java CLASS file downloads, but not Java JAR files. I am not a Java developer and have very limited knowledge of the particulars relating to these files as potential threat vectors. But I have seen n

...

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Hi, everyone,

Today since 4:44 p.m. we have these malware entries in the URL Filtering Monitor.

The strange thing is, when I look for the ZIP file in the Data Filtering Monitor, this ZIP file has been logged there for weeks.

Is that a false positive me

...

Resolved! Palo Alto Firewall Actions

Hi folks, I am not much familiar with palo alto logs as we're getting logs in siem console in which event name is url filtering and action for this event is allow so can someone please shed some light on this issue?

Resolved! Trying to identify a threat by host contact attempts

All,

We're trying to track down some weirdness being reported by our Panorama instance. Every night around the same time we see some traffic from our central DNS server get sinkholed because it's a "Suspicious DNS Query". We're working in parallel

...

Log4j vulnerability

Hi Team,

How to fix mitigate Log4j vulnerability in Palo Alto Firewall.

Kindly share how can we check whether our product infected and how to overcome from this vulnerability.

Thanks.

Host Sweep

Our Zone Protection | Hoist Sweep configuration was blocking Internet connections on some local hosts due to enabled "News and Interests" Windows 10 Toolbar. I hope this helps with troubleshooting.

Resolved! Change Default Action of a set of threat

Hello,

My customer ask me to change the default action of several threats.
I'm not able to see an Id that I can use to group some threat with the same action on the same rule.
For ex.
PHP Vulnerability scanning Detection (Default :Alert) I have to set to

...

Adobe-Creative Cloud WildFire Virus alerts.

Hi,

Since this morning June 17/2020 I have been getting Virus alerts in the Threat log. It has pointed out that ProxyResolverWin7.dll is the culprit.

I went to a few machines and searched for ProxyResolverWin7.dll and uploaded it to VirusTotal. All c

...

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

maybe question i should ask myself after cup of morning coffee.

Hope you can help...

I see recommendation for Next Gen firewall: (Application and Threat content update 8502)

Next-Generation Firewalls or Prisma Access with a Threat Prevention security su

...

URL Blocking not working

Hello

Can anyone explain why this doesn't work?

I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list.

If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well.

...

id threat 91991

Hola a todos, ¿pueden ayudarme a filtrar en el ID de registro de amenazas 91991 en el firewall, cuál es el nombre que debo poner en el filtro?
Aprecio tu ayuda

Status of a given threat signature?

I'm running a 9.1 firewall with threat protection and wildfire. How do i check that a specific threat signature is turned on and blocking?

Firewall is allowing certain packets through different policy in URL based traffic blocking scenario

Hi Team,

We had configured an EDL today with URL list and created an security policy and applied it for an specific source IP address.

We had tried to access an URL in the EDL list and the website is not loading on the PC.

When checking the Traffic l

...

Threat ID 52019

Hi,

Im Trying to get some information on "Threat ID 52019", as i found only 1 document referencing it in the Palo Alto Knowledge Base . The information provided does not describe it. Is there a way to get more information on this? FYI, I don't have a

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Minemeld & Log4j

Pros & Cons to Blocking Java Files, and Which Ones to Block

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Resolved! Palo Alto Firewall Actions

Resolved! Trying to identify a threat by host contact attempts

Log4j vulnerability

Host Sweep

Resolved! Change Default Action of a set of threat

Adobe-Creative Cloud WildFire Virus alerts.

Apache Log4j Vulnerability -- Wildfire vrs update to Application and Threat content update 8502

URL Blocking not working

id threat 91991

Status of a given threat signature?

Firewall is allowing certain packets through different policy in URL based traffic blocking scenario

Threat ID 52019

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Unlock your full community experience!

Rules and Best Practices

Resolved! URL Filtering malware alert ciscobinary.openh264.org false positive?

Resolved! Palo Alto Firewall Actions

Resolved! Trying to identify a threat by host contact attempts

Resolved! Change Default Action of a set of threat