Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4170 Views
  • 0 replies
  • 0 Likes

Inquiry About Building and Publishing a Cortex XDR Integration

Hi Team, We have a customer interested in developing a data connector for Cortex XDR, with the intention of making it publicly available via the Cortex XDR Marketplace. Our team will take full ownership of the development process, and we’d appreciate your guidance on best practices, platform limitations, and the overall integration and publishing...

Threat ID: 31671 - SCADA ICCP Unauthorized COTP Connection Established

SCADA, or Supervisory Control and Data Acquisition, systems are critical industrial control systems that monitor and manage sensitive processes. This alert, "Threat ID: 31671 - SCADA ICCP Unauthorized COTP Connection Established," signifies that an unauthorized ICCP (Inter-Control Center Communications Protocol) client has successfully establish...

Packet Buffer Protection (PBP)

We are receiving multiple alerts for Packet Buffer Protection (PBP) being triggered on internal-to-internal and internal-to-external traffic. My understanding is that PBP is primarily intended to protect against DoS attacks, which are typically external-to-internal in nature. Is it expected behavior for PBP to be triggered by internal-to-internal...

User_707 by L0 Member
  • 8358 Views
  • 1 reply
  • 0 Likes

critical control points

Hi everyone, When it comes to securing firewall management systems—those critical control points in any network—what strategies, best practices, or tools have you found most effective? Whether it’s role-based access controls, dedicated management networks, or using tools like SIEMs or NACs, I’d love to hear what’s worked for you. Are there any l...

VLC update - "Virus" alert PA

Hello, I have a question regarding an alert in Threat detection of type "virus". Some endpoints were trying to update VLC player, but it was detected as "virus" with this threat ID: 706518286. This is the file name: mirror.alwyzon.net/videolan/vlc/3.0.21/win64/vlc-3.0.21-win64.exe. After analysis, I found out that VLC auto-update was trying to download late...

Port 5060 Remains Blocked Despite Threat Exemption

Port 5060 is still being blocked even after the security threat (Threat ID 40016) responsible for the block was added to the exemption list. We’ve already applied the threat exemption to the corresponding security policy, and also cleared the session browser for the specific IP address experiencing blocked traffic on port 5060. However, the issu...

Glenyvie by L1 Bithead
  • 6840 Views
  • 2 replies
  • 0 Likes

False Positive

Please check this false positive: Link to VirusTotal report for the file: https://www.virustotal.com/gui/file/512aee2bf9656af68d0c001af9470070563a1b592e668569d7191998828d1698?nocache=1 File hash: 512aee2bf9656af68d0c001af9470070563a1b592e668569d7191998828d1698 Current VirusTotal Verdict: Generic.ml Description: This file is used to upd...

DNS issue due to Proxy-Avoidance-and-Anonymizers software

Hello All, We observed a Sev 1 issue last week which was related to internet slowness that impacted a large number of users. During the issue start time, we observed DNS traffic blocks between our DNS server and URL services.disconnect.me (the Palo Alto firewall was flagging it as a Threat). Regarding this URL – this is related to a browser extensio...

cortex-xdr-payload.exe access lsass.exe

Hi guys, I received an alert regarding cortex-xdr-payload.exe accessing lsass.exe. The full path is below: C:\ProgramData\Cyvera\LocalSystem\Download\protected_payload_execution\cortex-xdr-payload.exe From my research, the legitimate cortex-xdr-payload.exe is used for offline triage collection, but I haven’t found any references to other related...
