Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! PAN-OS logs

I looking for the log file that tracks the IP addresses of devices that have connected to our Palo Alto Networks firewall.

I am interested in any logs that show source and destination IP addresses for network connections.

Could you please point me to

...

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

It is suggested to upgrade to version 10.2.12-h2 to remediate the vulnerability. However, the firmware version 10.2.12-h2 is currently in monitoring status. It is also mentioned that the same fix is available in version 10.2.10-h9, which is the prefe

...

Resolved! Are there signature release for following vulnerabilities?

Hello
I'm Tomoyuki Nakamura.

Are there any plans to release signature for the vulnerabilities below?.
These were not listed in THREAT VAULT or Security Advisory.

CVE-2024-8932
CVE-2024-11236

Best Regards,
Tomoyuki Nakamura

Resolved! Does vulnerability-CVE-2023-51385 have any impact on PanOS firewalls, Panorama or Wildfire?

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodul

...

CVE-2023-50164 Apache Struts Vulnerability

Hi I would like to enquire if any Palo Alto products are affected by the above vulnerability.

Thanks.

Container Base images

In Prisma cloud how do i track base images. that is the know who is using the defined base images and who is not using them. like can i get a list of all containers leveraging the defined base images?

Wrong behavior of Advanced URL filter

Dear experts,

Here is my question:

Our customer has registered new URL domains and configured the firewall to block all newly registered domains via the URL filtering configuration. They noticed that the new domain is NOT blocked right away but abo

...

reverse TCP shells and other potential backdoor connections

Hi Team,

Just one of our customer received an security query points where they wanted the firewall to block reverse TCP shells and other potential backdoor connections.

For backdoor i have went through the backdoor signatures in threat vault.

So we ha

...

Resolved! Cannot update Adobe Creative Cloud

We cannot update Adobe Creative cloud when on our network or Global protect. What I'm seeing is in the Threat logs for adobe-creative-cloud-base threat ID 678983911, content version Antivirus-4995-5513,

ccmdls.adobe.com/AdobeProducts/KCCC/1/win64

...

False Positive

Hello,

Please fix false positive detection:

https://www.virustotal.com/gui/file/5259f523e41ffa42af0753df4c020f911a585b311c3267f17703c14920a352b8?nocache=1

Thank you!

Open port 9339 - CVE-2016-2183

Hi,

After the update PA to version 11.1.0 (currently we are using version 11.1.1 but the problem still exists), Nessus discovered open TCP port 9339 and alerted about vulnerability SWEET32 (screen attached below).

It is weird, because port 9339 is u

...

Resolved! Geolocation Address Groups

Does anyone know if you can create Geo-location address groups? I want to create a group for all the bad Countries instead of having to add all the Countries to every Geo-location rule.

Example: Add Russia, Crimea, North Korea, Iran, etc.. into a "Ba

...

Update PAN-OS 11.1.0 to 11.2.1?

Hi all -

With regard to CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect and other issues, our PA-820 is running PAN- OS 11.1.0, should it be updated to PAN-OS 11.2.1?

Thank you

Resolved! App & Threat Content Comparison Utility

There's an App & Threat Content Comparison Utility that I can't seem to locate. Is there anyone here with knowledge of this utility that can provide the link.

Thanks in advance,

KG

False Positive: Virus/Win32.WGeneric.eefmlb on stream.x64.x-none.dat

Started getting false positives on our SCCM server after a repackaging of Microsoft Office 365 source, looks to be specifically on the data file for Microsoft Stream client. VirusTotal comes up clean.