Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

Connection to self.events.data.microsoft.com/OneCollector/1.0/ is flagged as log4j

Hi, does anybody know why the connection to self.events.data.microsoft.com/OneCollector/1.0/ is being flagged as log4j by the Palo Alto firewall? Threat: Apache Log4j Remote Code Execution Vulnerability (92004), Threat ID: 92004, Threat Category: code-execution. I believe this is telemetry from Microsoft products, probably MS Office. Appreciate if anybody can h...

Zakuan by L0 Member
  • 10865 Views
  • 2 replies
  • 2 Likes

Resolved! Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142)

Hi All, I would like to know if PAN-OS is affected by the Samba Out-of-Bounds Heap R/W Remote Code Execution (RCE) Vulnerability (CVE-2021-44142) and, if so, what actions need to be taken. We are running 9.1.11-h3 on the PA firewall and 8.1.15 on Panorama. I have searched the PA Threat Vault and cannot find anything related there. Many Thanks,

Pras by L4 Transporter
  • 5042 Views
  • 3 replies
  • 1 Likes

Block High Risk TLDs

Hi All, I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully? I presume the following should work based on PAN-OS RegEX: URL Category: *.eg/*.ex/etc.... Set URL Category to 'Block' within existing URL Filtering Profile. Cheers

Josh990 by L2 Linker
  • 5707 Views
  • 3 replies
  • 0 Likes

Threat Log False Positives

Hi, In short - I'm looking for a way to identify false positives. My organisation's anti-virus profiles within our Palo NGFWs are detecting multiple generic threats of a 'medium' level and blocking them. I'm trying to determine whether any of these are false positives, and if they should remain blocked. The threat names all follow the same format...

ShaneMcG by L0 Member
  • 7822 Views
  • 3 replies
  • 0 Likes

Minemeld & Log4j

Hello, is Minemeld affected by Log4j? I see Palo's Security Advisories about Log4j (https://security.paloaltonetworks.com/CVE-2021-44228) - but there is no Minemeld in it. Is anybody out there who can answer this? thanks, roger

Pros & Cons to Blocking Java Files, and Which Ones to Block

Hey guys, I've inherited a ruleset that is blocking Java CLASS file downloads, but not Java JAR files. I am not a Java developer and have very limited knowledge of the particulars relating to these files as potential threat vectors. But I have seen nothing in my initial research that leads me to believe this was an intentional, justified policy....

locampo by L1 Bithead
  • 5006 Views
  • 1 replies
  • 0 Likes

Resolved! Palo Alto Firewall Actions

Hi folks, I am not very familiar with Palo Alto logs. We're getting logs in the SIEM console in which the event name is URL filtering and the action for this event is allow, so can someone please shed some light on this issue?

simr12 by L1 Bithead
  • 7741 Views
  • 5 replies
  • 0 Likes

Resolved! Trying to identify a threat by host contact attempts

All, We're trying to track down some weirdness being reported by our Panorama instance. Every night around the same time we see some traffic from our central DNS server get sinkholed because it's a "Suspicious DNS Query". We're working in parallel to identify the system originating these queries, but I was asked to see if anyone in the communi...

swozny by L0 Member
  • 4662 Views
  • 1 replies
  • 33 Likes

Host Sweep

Our Zone Protection | Host Sweep configuration was blocking Internet connections on some local hosts due to the enabled "News and Interests" Windows 10 toolbar. I hope this helps with troubleshooting.

tdevic by L0 Member
  • 3928 Views
  • 2 replies
  • 0 Likes

Resolved! Change Default Action of a set of threat

Hello, my customer asked me to change the default action of several threats. I'm not able to see an ID that I can use to group some threats with the same action on the same rule. For example, PHP Vulnerability Scanning Detection (default: alert) I have to set to reset-both. In Threat Vault I can see ID 57797, but in the "Vulnerability Protection Rule" I can add l...
