class not found

Hello,

I wrote a prototype from panos class.

then created local prototype in committer-config.yml, restarted minemeld, everything is up and running.

Then I created the prototype in /opt/minemeld/local/prototypes/***.yml, I can see it in Web UI.

I cloned

Threat Logs

I believe I have everything configured correctly for threat prevention.  Able to see traffic in every log type except for threat.  Licensed and download/install is up to date.  Been through some generic troubleshooting steps that haven't helped.  Any

Allowing ms-update on app-default, File blocking PE and therefore no windows updates

New PAN implementation and blocking per PA best practice (PE, multi-level, etc..) and allowing ms-update on application default.  However the WSUS server is not able to download any updates and its classifying a PE file as a threat.  The file in ques

Zone protection working and logging

Hi dears, 

I have a query regarding working of #ZoneProtection.

What should be the action for #flood protection ?

Does the packet allowed or security policy will be checked?

Also, packet capture should work if such flood is detected but i am not gett

Blocking Tor with Toro

I recently had to work with local and federal law enforcement to resolve the following.

http://www.ktvz.com/news/mtn-view-hs-bomb-threat-traced-to-eugene-14-year-old/653184885

Because of this, I've created a small piece of software (MIT Licensed) tha

Changing Severity Alerts for Specific Vulnerability Severity

One of the logging capabilities allows us to provide an email for certain severity alerts.  We are getting innodated with alerts coming in from the baddies on the internet for certain types of alerts.  For instance, there is the "Netis/Netcore Router

THREAT false positives on MS software when using Global Protect.

I'm seeing what look slike a lot of false positives when using global protect. For example, Microsoft's Logon.exe excutable and any MS Endpoint patches

An example is

AM_Engine_Patch_1.1.15400.4.exe
SHA-256 Hash: 74f9dc35fc9f5ab02e46843e8ccf569478961ea58

Issue Content release 8061-4973 on PAN-OS 8.1

Hi all,

We have experienced big issues after content release 8061-4973 was installed on our 3250 with PAN-OS 8.1.3:

- Threat id 40736 was suddenly blocking a lot of letigimate http(s) traffic.

- Radius authentication worked randomly, but 95% of the ti

How to avoid vulnerability CVE-2018-10933

 Hello , 

recently i heared about  CVE-2018-10933 ,  i have software version 8.1.3 

 i am asking if the our software version is affected by this CVE , which  is related to Libssh .

thanks , 

Moustafa

Any way to test DoS protection policy in the lab setup

Hello

i am looking for a way to test DoS protection policy in the lab environment before we implement it in production and wondering if there is tool (or linux-based traffic generator) that might be able to assist in generating traffic that will trigg

Cisco Umbrella/OpenDNS queries now being flagged as threat 18003

We use Cisco Umbreall/OpenDNS for secure DNS and web protection. 

Cisco Umbrella setup guide says that they use DNSCrypt for secure DNS queries.

This setup has worked flawless for years until about two weeks ago,. We began getting alerts that the two

Exceptions aggregation criteria

What does these options for aggregation criteria actually mean when creating exceptions in vulerabilit profile - source, destination or by source and destination.

And also track by IP source and IP source destination

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat categ