NRD protection

Will enabling an NRD URL filter be able to filter inbound SMTP connections and block for deny emails from a Newly Registered Domain or is it designed to simply block clients from connecting to URLs that have Newly Registered Domains? Is there any way

How to detect the virus came from which ip

several servers in Data Center are affected by a virus but I am unable to pin point the source. Can anyone assist?

Masscan Port Scanning Tool Detection'

I am getting this alert Masscan Port Scanning Tool Detection' what can I do that will stop the scanning, I would think I would need to do more that alert and when I check the threat database it didn't really offer much 

Novidade Exploit kit emergency content update

We received this emergency content update but from what I can research this exploit kit is affecting home and small office routers, has something changed ? or is PA updating to provide coverage for due diligence? 

Downloading TMS On-Prem Broker VM

How long i need to wait until i can download On-Prem Broker VM on Support Portal Software Update after activating TMS service on HUB

because until now i can't see menu <Filter the results by On-Prem Broker VM> on the software update menu

IPS detects HTML SQL Injection attempt (35827) only after WebServer returns 302 on original request

During an event investigation, noticed the following behavior:

1. Attacker sends SQL injection request to WebServer (that sits behind a Palo-Alto).
2. WebServer answers with HTTP 302 to redirect to error page (the error page is basically "/error.aspx/[origi

Wind River VxWorks

Is Palo Alto working on signatures/rules for the CVE's listed below ( ICS Advisory (ICSA-19-211-01) )?

CVE‐2019‐12255

CVE‐2019‐12256

CVE‐2019‐12260

CVE‐2019‐12257

CVE‐2019‐12261

CVE‐2019‐12263

CVE‐2019‐12258

CVE‐2019‐12262

CVE‐2019‐12264

CVE‐2019‐12259

CVE‐201

Threats on port 80 for globalprotect external interface?

We have been getting more and more threat alerts for our outside interface, that hosts our GlobalProtect portal/gateway, and in every alert its because the destination port is 80.

Ive checked and if you browse to our portal on http it redirects to th

Top 20 Outbound IP Report

We have a new security director and I have been tasked with created a few reports about IP traffic. 

The request for for the following:

-Top 20 outbound IPs that are NOT in the DNS cache

-Top 20 outbound IPs by data sent

-Top 20 outbound IPs by connectio

connections firewall to ldap

Hello, i need your help. Iwould like to know how the ildap connection woks. Why are there connections between the PAN directly to the pc and does not go through the AD server?

Is this behavior normal?

The security departament says it´s not normal or th

Remote Desktop Services Vulnerability (CVE-2019-1181, 1182, 1222, 1226)

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-1181, 1182, 1222, 1226?

I understand there was an original advisory -> CVE-2019-0708 but I'm wondering if there is a specific update for the more recent a

Application risk factor

Is there any document explaining how and why an application is assigned a certain risk factor?