Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4178 Views
  • 0 replies
  • 0 Likes

Suspicious TLS Evasion Suggestion

In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a proxy and all web traffic gets forwarded to those configured proxy IP addresses, this traffic is getting flagged by our firewalls as suspicious TLS evasion, which is creating a lot of noise. What would be the best solution to this probl...

PA-820 Threat License attack passed

Hello Guys, This is my first post here and I am very sad. I am a big fan of PA and had a couple of implementations with customers but... Sadly, last Sunday, PA-820 appliances in HA were not enough to stop hackers/attack. A customer of mine had some public exposed servers (public services). In log files I saw many login attempts and no Brute-force signa...

Turn around time for test a site submission

So as a network admin I was disappointed to see that Palo have marked this url as low risk: https://webrecorder.io/ If you do not block this site it allows your users to negate all of your well thought out url policies, yes they can just jump on a porn site and start streaming away. I submitted the url to test a site a few days ago but still th...

Whitelist Vendor IP range from Paloalto IPS

Hi All, I am looking for a more effective way to whitelist a vendor on IPS without whitelisting at the FW as well. I am looking for traffic from the vendor IP range to be completely exempted from Vulnerability / antivirus / Anti-spyware without creating any firewall rule and security profile. Is it possible?

mnadeem by L0 Member
  • 30760 Views
  • 12 replies
  • 0 Likes

NRD protection

Will enabling an NRD URL filter be able to filter inbound SMTP connections and block for deny emails from a Newly Registered Domain or is it designed to simply block clients from connecting to URLs that have Newly Registered Domains? Is there any way to filter email for NRDs or is that the domain of a SPAM filter?

Resolved! PCI: How do I exempt an ASV scanner from the IPS functions (Next-Gen, Vuln-Protection... etc)

We are trying to exempt our ASV scanner IPs from vuln protection, AV, etc... without whitelisting them from the firewall (host/port) rules we have in place. All I can find is exempting IPs based on a single Threat ID. Thanks. PCI Scanning Standard: "13. Arrangements must be made to configure the intrusion detection system/intrusion prevention sys...

Resolved! PAN-OS 8.0 Blue team help (In a little over my head)

I joined my school's cyber defense team last week, and subsequently volunteered to manage the firewall (Palo Alto VM version 8.0.0). I was supposed to have until the 23rd to learn as much as I could. However, due to scheduling conflicts we were moved to tomorrow. So, I need some help. Luckily it just so happened that on Veterans Day Palo Alto Net...

Roydub83 by L0 Member
  • 4814 Views
  • 2 replies
  • 0 Likes

IPS detects HTML SQL Injection attempt (35827) only after WebServer returns 302 on original request

During an event investigation, noticed the following behavior: Attacker sends SQL injection request to WebServer (that sits behind a Palo-Alto). WebServer answers with HTTP 302 to redirect to error page (the error page is basically "/error.aspx/[original request from attacker]"). Attacker follows the 302. IPS blocks request at this point. I'm wonderin...

  • 545 Posts
  • 78 Subscriptions