Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Certificate vulnerabilities

I have found several of my network devices are showing up within our vulnerability management scanner with X.509 Certificate Subject CN does not match the entity name as a vulnerability. This is more than likely a DNS issue as I do not have any netwo

...

CVE 2021-3050 Fix firmware upgrade

Hey guys as we know the above advisory resolve in PANOS 10.0.8 and above so in the solution, Palo alto says they will resolve it in September can I get to know the status of the new firmware or can I download the 10.1.0 but that is not the stable ver

...

Help with Threat log SCAN: Host Sweep

I am looking for assistance interpreting a report that shows “SCAN Host sweep traffic” in my threat log. There are multiple internal sources scanning multiple destination IP addresses that I do not own. The daily number of scans detected from each so

...

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

we have updated a Firewall last week to version 9.1.13 on July 16, 2021, after this update we have threat alerts = "Compromised or manufacturer default password found in HTTP Basic Authentication >> 50 alerts in 1 hour.

we have forced the users to cha

...

Resolved! Getting SMB brute force logs

hey, guys hope you are doing well One of my customer getting the logs of SMB: User Password Brute Force Attempt for a particular user as the user is connected to Global VPN to LAN the port 445 getting reset both traffic logs in threat logs all things

...

Resolved! Need an threat id .

I need to block these gamarue & avalanche-andromeda malware family please provide me the Thread-ID for this.

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Hello,

I would like to add a policy for External Dynamic List in Panorama as a pre-rule for a particular device group. However, I am not able to see the Malicious IP addresses and High-Risk IP addresses in Panorama.

Kindly suggest.

Thanks

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

RE: 'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW detected on host foo-wrkXXX involving user foo\User.Name

-- Unique Threat ID: 59026

I am wondering if others are seeing this Alert generated due to what appears to be

...

Zone protection flood thresholds

I get ICMP and UDP flood alert messages from my external zone protection profile all the time. It does not seem to impact production - but not totally sure on that though.

We just have 1 - 5220, no Panarama. Anyone have any advise as to how best to co

...

Malicious signature "Virus/Win32.WGeneric.bjpxbe" detected on Cortex XDR

Hi,

Malicious signature "Virus/Win32.WGeneric.bjpxbe" is detected on Cortex XDR.

When dwelled further, details & screen grab from THREAT VAULT are shared for your perusal

Unique Threat ID: 422569341

SHA256 values are (09fb42aa3d9fcb32e2dab5f9e614a1975e

...

Resolved! DNS Security

Hello,

Is there any way to turn off the following information after commit on 9.0.1 with Anti-Spyware Profile attached to Security Policy?

I can't delete Palo Alto Networks DNS Security option from Anti-Spyware Profile.

Warnings

Warning: No Valid DNS Se

...

Vulnerability CVE 2021-3050

Hey, guys, one of my clients want the POA (Plan of Action) for this vulnerability what should I check in the firewall. I checked the Traffic WAN TO WAN the security Profiles are attached properly but the management IP is pvt i access the firewall by

...

Latest DDOS attack related issue on Palo alto

Hey guys one of my client having a concern about the security patch. he has PA-820 PA and PA-220. The New DDOS attack is there ID is CIAD-2021-0030

https://clicktime.symantec.com/3QdtY9QLh9kb4B5ny33Z2KD7Vc?u=https%3A%2F%2Fwww.cert-in.org.in%2F

Please

...

Resolved! threat generic:5llion.com generic:conti.news

How to block this “unknown“ event to the customer that contains the threat generic:5llion.com (408607164). Because this threat is categorized as DNS Signature, the event had the destination port 53

How to enable signature of Unique threat id

Hello guys hope you doing well I had one question this vulnerability is resolved in the unstable version of PANOS as I see we want to enable the Unique id signature because the affected version is 9.1.4 and 10.0.0 so what should I do to enable this u

...

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Certificate vulnerabilities

CVE 2021-3050 Fix firmware upgrade

Help with Threat log SCAN: Host Sweep

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

Zone protection flood thresholds

Malicious signature "Virus/Win32.WGeneric.bjpxbe" detected on Cortex XDR

Resolved! DNS Security

Vulnerability CVE 2021-3050

Latest DDOS attack related issue on Palo alto

Resolved! threat generic:5llion.com generic:conti.news

How to enable signature of Unique threat id

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Unlock your full community experience!

Rules and Best Practices

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Resolved! DNS Security

Resolved! threat generic:5llion.com generic:conti.news