Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:
Rules and Best Practices
Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

Wind River VxWorks

Is Palo Alto working on signatures/rules for the CVEs listed below (ICS Advisory ICSA-19-211-01)? CVE-2019-12255, CVE-2019-12256, CVE-2019-12260, CVE-2019-12257, CVE-2019-12261, CVE-2019-12263, CVE-2019-12258, CVE-2019-12262, CVE-2019-12264, CVE-2019-12259, CVE-2019-12265

Threats on port 80 for globalprotect external interface?

We have been getting more and more threat alerts for our outside interface, which hosts our GlobalProtect portal/gateway, and in every alert it's because the destination port is 80. I've checked, and if you browse to our portal on HTTP it redirects to the HTTPS page; it also appears we don't specifically have a rule allowing or denying port 80/HTTP....

CRDF18 by L2 Linker
  • 13859 Views
  • 7 replies
  • 0 Likes

Top 20 Outbound IP Report

We have a new security director and I have been tasked with creating a few reports about IP traffic. The request is for the following:
- Top 20 outbound IPs that are NOT in the DNS cache
- Top 20 outbound IPs by data sent
- Top 20 outbound IPs by connection time
I have been working on a custom report for this, but I'm having trouble editing out the DN...

NathanV by L0 Member
  • 3838 Views
  • 1 reply
  • 0 Likes

connections firewall to ldap

Hello, I need your help. I would like to know how the LDAP connection works. Why are there connections from the PAN directly to the PC that do not go through the AD server? Is this behavior normal? The security department says it's not normal, or they don't understand. Thanks for your help.

Remote Desktop Services Vulnerability (CVE-2019-1181, 1182, 1222, 1226)

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-1181, 1182, 1222, 1226? I understand there was an original advisory -> CVE-2019-0708, but I'm wondering if there is a specific update for the more recent advisories? Original Microsoft advisory: https://portal.msrc.microsoft.com/en-US/security-guidan...

takhar_a by L0 Member
  • 10124 Views
  • 4 replies
  • 14 Likes

DNS Sinkhole - What constitutes investigation?

I have implemented DNS sinkholing and am curious what constitutes investigation. I am seeing some clients hitting the sinkhole but only for a short period (1-2 minutes or less). I'm not sure if these could be drive-by download attempts, or what they are. I would expect an infected machine to keep trying but these machines have the short lived si...

CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Hi, just wondering about the expected release of a signature for this vulnerability? CVE-2019-9511 through CVE-2019-9518 are capable of DoS attack. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a spe...

akamat by L2 Linker
  • 3176 Views
  • 0 replies
  • 0 Likes

Resolved! C2 threat Wgeneric.aazufa (threatid 269587899)

I am seeing this traffic on my network from a particular user so thought I would just check out a bit about it, but I can't find any reference to aazufa on the web (via google) other than the threat vault entry. How come there is a threat which no-one seems to have heard of, and if Palo have made up the name, why doesn't the threat vault give th...

djr by L4 Transporter
  • 7435 Views
  • 3 replies
  • 0 Likes

Resolved! URL Filtering - Dynamic Updates

Hello, we have URL filtering with the PAN-DB license. If a URL is determined to be malicious (by other URL checking websites, but not by Palo Alto's yet, since they have only categorized it as high risk and unknown at the moment), what is the best way to make sure users will be blocked from it? We are blocking the categories of hacking, malware,...

roma by L2 Linker
  • 8824 Views
  • 3 replies
  • 0 Likes

Resolved! Hotmail session end Reason "threat"

I'm trying to allow Hotmail. I have created a policy to allow Hotmail. When going to the web site "mail.live.com" the action is "allowed"; however, the session is ended because of "threat". I can't quite find why and/or where the Hotmail application is being categorized as a threat. Any help? Thanks.

wrollins by L1 Bithead
  • 12362 Views
  • 4 replies
  • 0 Likes

How to test DNS Security Properly?

In reading up on DNS Security I found that the URLs provided for testing in the following document, Enabling DNS Security, do not accurately ensure the DNS Security feature license is installed and configured. A very accurate indicator of this is that all of those URLs are adequately blocked on a firewall running PAN-OS 8.1.x due to the PAN-DB URL fil...

bspilde by L4 Transporter
  • 24710 Views
  • 1 reply
  • 1 Like