Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

Resolved! Possible false positive C2 traffic

Hello, Starting on the 31st of October, following the threat and content update 8480-7019, we noticed that traffic to WordPress sites ending in the URL wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js is being flagged as generic C2 traffic. Checked the IP addresses and URLs on VirusTotal and they are all clean. Wondered if anyone else has b...

False positive - Cisco HyperFlex HX Remote Command Execution - ID: 91836

Beginning this morning we are seeing lots of apparent false positives for threat ID 91836 - Cisco HyperFlex HX RCE, which was added to the threat database last night. The destination server is in Wells Fargo IP space and we have determined that this is users trying to log into Wells Fargo online banking at: https://connect.secure.wellsfargo.com/...

Vulnerability found on Firewall Need to address

Hi Team, We are getting the following vulnerabilities on one of our PA Firewalls. Kindly suggest the next PoA regarding the mentioned vulnerabilities.

Plugin  | Plugin Name                      | Family           | Severity | IP Address | Type
84502   | HSTS Missing From HTTPS Server   | Web Servers      | Medium   | x.x.x.x    | Palo Alto
136929  | JQuery 1.2 < 3.5.0 Multiple XSS  | CGI abuses : XSS | Medium   | x.x.x.x    | Palo Alto

Kindly ...

SahulH by L3 Networker
  • 7804 Views
  • 7 replies
  • 0 Likes

Resolved! DNS Security Service interfering with SPAM filter

I have the DNS Security Service and it is set to sinkhole various malicious domains, including newly registered ones. The problem is that our on-premises spam filter tries to do lookups against the sending domain when we receive email, and I believe that the lookups are for the MX records and maybe TXT records, etc. My Anti-Spyware policy is set to s...

khsieh by L2 Linker
  • 4141 Views
  • 1 reply
  • 0 Likes

Certificate vulnerabilities

I have found several of my network devices showing up within our vulnerability management scanner with "X.509 Certificate Subject CN does not match the entity name" as a vulnerability. This is more than likely a DNS issue, as I do not have any network devices with DNS records. I have been told conflicting opinions and would like to know how do ...

mcruz10 by L0 Member
  • 5148 Views
  • 2 replies
  • 0 Likes

Help with Threat log SCAN: Host Sweep

I am looking for assistance interpreting a report that shows “SCAN Host sweep traffic” in my threat log. There are multiple internal sources scanning multiple destination IP addresses that I do not own. The daily number of scans detected from each source is between 2 and 10. The source machine rarely scans the same destination. Is this a low lev...

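A way to triage the pattern the post above describes (a handful of internal sources, each hitting a few destinations per day, rarely the same one twice) is to summarise the threat log per source: how many events, how many distinct destinations, over how many days, and whether any one-minute window contains a burst of distinct targets. The script below is an added example, not code from the post or from the vendor; the log lines are constructed in a reduced "timestamp,src,dst,dport,threat" form rather than a real firewall export, and the classification thresholds (ten distinct destinations inside sixty seconds, 80% unique destinations over two or more days) are assumptions to start tuning from.

```python
"""Summarise 'SCAN: Host Sweep' threat-log entries per internal source (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real firewall output): timestamp,src,dst,dport,threat
SAMPLE_LINES = [
    # 10.1.1.5: two or three new destinations a day over three days, never the same one twice
    "2024-03-01T08:12:05,10.1.1.5,203.0.113.10,443,SCAN: Host Sweep",
    "2024-03-01T08:40:19,10.1.1.5,203.0.113.11,443,SCAN: Host Sweep",
    "2024-03-01T09:02:44,10.1.1.5,198.51.100.7,80,SCAN: Host Sweep",
    "2024-03-02T08:15:01,10.1.1.5,203.0.113.12,443,SCAN: Host Sweep",
    "2024-03-02T10:11:09,10.1.1.5,198.51.100.20,443,SCAN: Host Sweep",
    "2024-03-03T07:59:30,10.1.1.5,203.0.113.13,443,SCAN: Host Sweep",
    # 10.1.1.20: the same destination once a day (a monitor or health check, not a sweep)
    "2024-03-01T12:00:00,10.1.1.20,198.51.100.7,443,SCAN: Host Sweep",
    "2024-03-02T12:00:00,10.1.1.20,198.51.100.7,443,SCAN: Host Sweep",
    "2024-03-03T12:00:00,10.1.1.20,198.51.100.7,443,SCAN: Host Sweep",
]
# 10.1.1.9: twenty different hosts on tcp/445 inside one minute, a textbook sweep burst
SAMPLE_LINES += [
    f"2024-03-03T07:59:{i:02d},10.1.1.9,203.0.113.{i + 1},445,SCAN: Host Sweep"
    for i in range(20)
]


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, dport, threat)."""
    ts, src, dst, dport, threat = line.split(",", 4)
    return datetime.fromisoformat(ts), src, dst, int(dport), threat


def max_distinct_in_window(events, window=timedelta(seconds=60)):
    """Largest number of distinct destinations one source touched inside any `window`."""
    events = sorted(events)  # (timestamp, dst) pairs
    best, left, in_window = 0, 0, Counter()
    for ts, dst in events:
        in_window[dst] += 1
        # slide the left edge forward until the window is at most `window` wide
        while ts - events[left][0] > window:
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        best = max(best, len(in_window))
    return best


def summarize(lines, burst_threshold=10, unique_ratio=0.8):
    """Per-source statistics plus a rough verdict (thresholds are assumptions)."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, _dport, threat = parse_line(line)
        if threat.startswith("SCAN"):
            per_src[src].append((ts, dst))
    report = {}
    for src, evs in per_src.items():
        events = len(evs)
        distinct = len({d for _, d in evs})
        days = len({t.date() for t, _ in evs})
        burst = max_distinct_in_window(evs)
        if burst >= burst_threshold:
            verdict = "burst-sweep"        # many targets in a minute: investigate the host now
        elif days >= 2 and distinct / events >= unique_ratio:
            verdict = "low-and-slow"       # few per day, rarely repeated: the poster's pattern
        else:
            verdict = "repeat-target"      # same destination over and over: likely benign polling
        report[src] = {"events": events, "distinct_dst": distinct, "days": days,
                       "max_distinct_per_minute": burst, "verdict": verdict}
    return report


if __name__ == "__main__":
    for src, stats in summarize(SAMPLE_LINES).items():
        print(src, stats)
```

The "low-and-slow" bucket is the one the post is asking about; the per-source summary lets you check whether those sources share a process (a browser, an update agent, a P2P client) before treating the alerts as reconnaissance.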

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

We updated a firewall last week to version 9.1.13 on July 16, 2021. After this update we have threat alerts: "Compromised or manufacturer default password found in HTTP Basic Authentication" >> 50 alerts in 1 hour. We have forced the users to change their password and the threat alert does not stop. Is that a false positive?

afarah by L0 Member
  • 8583 Views
  • 2 replies
  • 0 Likes

Resolved! Getting SMB brute force logs

Hey guys, hope you are doing well. One of my customers is getting the logs "SMB: User Password Brute Force Attempt" for a particular user. As the user is connected via Global VPN to the LAN, port 445 is getting reset, in both the traffic logs and the threat logs. All things are working fine, GP is authenticated, but why are these logs being generated and what should we do? Cus...

'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by NGFW

RE: 'Apache Tomcat WebSocket Denial-of-Service Vulnerability' generated by PAN NGFW, detected on host foo-wrkXXX involving user foo\User.Name -- Unique Threat ID: 59026. I am wondering if others are seeing this alert generated due to what appears to be mostly client updates of OneNote (and perhaps other cloud apps). Looking at the threat ID, I see ...

Zone protection flood thresholds

I get ICMP and UDP flood alert messages from my external zone protection profile all the time. It does not seem to impact production, but I am not totally sure on that. We just have one 5220, no Panorama. Anyone have any advice as to how best to collect CPS values for my environment, or best-practice baseline numbers I could plug in here to hel...
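Zone protection flood thresholds are expressed as connections per second (alarm rate, activate rate, maximum rate), so the practical way to pick them is to measure the zone's real new-session rate per protocol and set the thresholds above its normal peak rather than at a number copied from elsewhere. The script below is an added example, not code from the post or from the vendor: it builds a constructed traffic-log extract (one "timestamp,zone,proto" line per new session, with a six-second UDP spike), counts new sessions per second for each protocol, and derives candidate thresholds from the 99th percentile using multipliers (1.5x, 2x, 3x) that are assumptions to start tuning from.

```python
"""Derive zone-protection flood baselines from per-second new-session counts (added example)."""
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

START = datetime(2024, 3, 1, 10, 0, 0)


def build_sample_lines():
    """Constructed traffic-log extract, one line per new session: 'timestamp,zone,proto'.
    UDP idles at 40-46 sessions/s with a six-second spike to ~540/s; ICMP stays at 5-7/s."""
    lines = []
    for sec in range(600):
        ts = (START + timedelta(seconds=sec)).isoformat()
        udp = 40 + sec % 7 + (500 if 300 <= sec <= 305 else 0)
        icmp = 5 + sec % 3
        lines += [f"{ts},untrust,udp"] * udp
        lines += [f"{ts},untrust,icmp"] * icmp
    return lines


def sessions_per_second(lines, zone):
    """Return {proto: [new sessions per second, ...]} covering every second of the log span,
    including seconds with no traffic, so quiet periods count toward the percentiles."""
    counts = defaultdict(Counter)
    first = last = None
    for line in lines:
        ts, z, proto = line.split(",")
        if z != zone:
            continue
        t = datetime.fromisoformat(ts).replace(microsecond=0)
        counts[proto][t] += 1
        first = t if first is None else min(first, t)
        last = t if last is None else max(last, t)
    if first is None:
        return {}
    span = int((last - first).total_seconds()) + 1
    return {proto: [c[first + timedelta(seconds=i)] for i in range(span)]
            for proto, c in counts.items()}


def percentile(values, p):
    """Nearest-rank percentile for an integer p in 0..100."""
    s = sorted(values)
    rank = max(1, math.ceil(p * len(s) / 100))
    return s[rank - 1]


def suggest_thresholds(per_sec, alarm_mult=1.5, activate_mult=2.0, max_mult=3.0):
    """Candidate alarm/activate/maximum CPS from the observed p99.
    The multipliers are assumptions, not vendor guidance; the peak is reported so a
    short legitimate burst (a backup window, a DNS storm) is visible beside the baseline."""
    p99 = percentile(per_sec, 99)
    return {
        "peak": max(per_sec),
        "p99": p99,
        "alarm": math.ceil(p99 * alarm_mult),
        "activate": math.ceil(p99 * activate_mult),
        "maximum": math.ceil(p99 * max_mult),
    }


def baseline(lines, zone="untrust"):
    """Per-protocol threshold candidates for one zone."""
    return {proto: suggest_thresholds(v)
            for proto, v in sessions_per_second(lines, zone).items()}


if __name__ == "__main__":
    for proto, stats in baseline(build_sample_lines()).items():
        print(proto, stats)
```

With the constructed data the UDP p99 stays at the idle level while the peak exposes the spike; whether that spike should sit below or above the activate rate is the judgement call the thresholds encode, which is why both numbers are returned rather than a single answer.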
