Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4173 Views
  • 0 replies
  • 0 Likes

Resolved! Automatic IP block-list PAN 8.0

Hello all, I am wondering if there is any way to, let's say, block the IP address from a source for a set period of time. An example of this could be: we are being attacked, the same IP address hitting our firewall 100 times in 3 minutes, and it is being reported as "code execution vulnerability." Now the action is dropped, but the IP address could be r...
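The behaviour asked about in the post above (count hits from one source over a window, then block that source for a fixed period) is commonly built outside the firewall: a script tags the offending address through the PAN-OS XML API, and a security rule denies a dynamic address group that matches on that tag. The script below is an added example, not code from the original post or from Palo Alto Networks. It runs a sliding-window threshold over constructed threat-log lines (100 hits in 3 minutes, the numbers from the post) and builds the User-ID register/unregister payloads without sending them. The log field layout, the tag name `auto-block`, the host name and API key are assumptions; the `timeout` attribute on a tag member is taken here to be a PAN-OS 9.0 and later feature, so the unregister message is also produced for releases that lack it and need the block lifted by a second call.

```python
"""Threshold-based auto-block: find source IPs that exceed N hits in a window and
build the PAN-OS User-ID XML API payloads that tag/untag the address.
Added example; the log format, tag name, host and key are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import urlencode
from xml.etree import ElementTree as ET

TAG = "auto-block"          # assumed tag; a dynamic address group in a deny rule matches on it
THRESHOLD = 100             # hits per window, from the post
WINDOW = timedelta(minutes=3)


def constructed_log():
    """Constructed CSV threat-log lines (not real PAN-OS output).
    Fields: receive_time, src, threat_name, action."""
    base = datetime(2017, 3, 1, 10, 0, 0)
    lines = []
    for i in range(100):                 # 203.0.113.7: 100 hits in ~150 s -> exceeds threshold
        t = base + timedelta(seconds=1.5 * i)
        lines.append(f"{t:%Y/%m/%d %H:%M:%S},203.0.113.7,code execution vulnerability,drop")
    for i in range(5):                   # 198.51.100.9: noisy but far below threshold
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t:%Y/%m/%d %H:%M:%S},198.51.100.9,code execution vulnerability,drop")
    for i in range(100):                 # 192.0.2.5: 100 hits, but spread over ~50 minutes
        t = base + timedelta(seconds=30 * i)
        lines.append(f"{t:%Y/%m/%d %H:%M:%S},192.0.2.5,code execution vulnerability,drop")
    lines.sort()                         # fixed-width timestamps, so string order is time order
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src_ip, threat_name, action)."""
    ts, src, threat, action = line.split(",", 3)
    return datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"), src, threat, action


def find_offenders(lines, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count per source over time-ordered lines.
    Returns {ip: timestamp at which the threshold was first reached}."""
    recent = defaultdict(deque)
    crossed = {}
    for line in lines:
        ts, src, _, _ = parse_line(line)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # discard hits that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in crossed:
            crossed[src] = ts
    return crossed


def uid_message(action, ip, tag=TAG, timeout=None):
    """Build a User-ID <uid-message> that registers or unregisters an IP-to-tag mapping.
    action is "register" or "unregister". timeout (seconds) is only emitted on register;
    it is assumed to need PAN-OS 9.0+, so older releases must send the unregister
    message when the block should expire."""
    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    payload = ET.SubElement(root, "payload")
    op = ET.SubElement(payload, action)
    entry = ET.SubElement(op, "entry", ip=ip)
    member = ET.SubElement(ET.SubElement(entry, "tag"), "member")
    member.text = tag
    if timeout is not None and action == "register":
        member.set("timeout", str(int(timeout)))
    return ET.tostring(root, encoding="unicode")


def api_request(host, api_key, xml):
    """Form the XML API call (type=user-id) as (url, urlencoded body). Nothing is sent."""
    return f"https://{host}/api/", urlencode({"type": "user-id", "key": api_key, "cmd": xml})


if __name__ == "__main__":
    for ip, when in find_offenders(constructed_log()).items():
        print(f"{ip} reached {THRESHOLD} hits within {WINDOW} at {when}")
        url, body = api_request("fw.example.com", "API_KEY_HERE",   # assumed host and key
                                uid_message("register", ip, timeout=3600))
        print(url, body[:100] + "...")
```

Tag the address rather than adding it to a static list: a dynamic address group updates without a commit, and the unregister call (or the timeout, where the release supports it) removes the block cleanly.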

Resolved! custom snort signature add the pattern if the context operator is not found

Creating a custom Snort signature on a Palo Alto firewall, but I didn't find the relevant context operator for the match pattern. Shall we create a context operator, or how can the pattern be added if the context operator is not available? For example: alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"[CIS] Emotet C2 Traffic Using Form Data to Send Passwo...


Microsoft Directory Services/ms-ds-smbv3 - /Virus/Win32.WGeneric.badouv

Hello, we are seeing so many alerts in the threat logs that are linked to Virus/Win32.WGeneric.badouv. Name: Virus/Win32.WGeneric.badouv; Unique Threat ID: 398700357; Create Time: 2021-02-03 13:41:24 (UTC); Threat ID: 1103259; Current Release: 3615 (2021-02-03 UTC); First Release: 3615 (2021-02-03 UTC). We think it may be a false positive. How can we proceed...

Elhitti by L0 Member
  • 5655 Views
  • 2 replies
  • 3 Likes

SkyVPN - Really a C2 threat?

Hi, I have just spotted a threat alert for SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry in the Threat Vault. This seems to be quite an old detection, but when I looked around for any further information regarding SkyVPN, I couldn't see anything referring to it as a known threat; just a cheap domestic VPN. Does anyone have any kn...

djr by L4 Transporter
  • 3367 Views
  • 1 replies
  • 0 Likes

Port Scans & Telnets on a PA running 8.0

I am new to the world of PA and next-gen firewalls and took some online training. I discovered that in the traffic processing phase, before App-ID gets applied in the security policy, the session is already allowed to start if the layer 4 ports are allowed in the policy. This makes me wonder: if I were to run a port scan on my public addres...

Zone protection on sub interfaces

Apologies if this is going over old ground, but I have an issue with zone protection and am stumped trying to work out what it is. I have configured and applied the zone protection profile to a layer 3 sub-interface; when I test against it with crafted packets, the majority of the configured protections flag using the following command: show zone-pro...

Resolved! Best practice stopping attacks from outside

I noticed the default action for the new "NAT Slipstreaming Detection" signatures is set to Alert. How come they are not set to Drop or something else that stops this attack in its tracks? Also, is there a best practice on protecting against attacks such as this one in general? Or does it come down to personal/company preference? For example, d...

  • 545 Posts
  • 78 Subscriptions