Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating. Rules and Best Practices: Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4171 Views
  • 0 replies
  • 0 Likes

Resolved! Block grayware files?

We have recently had a few grayware alerts come through, and I was wondering: is there any way files marked as grayware in WildFire could be blocked the same way they are for malicious files? Thanks

CRDF18 by L2 Linker
  • 10104 Views
  • 5 replies
  • 0 Likes

Resolved! Default Action for SQL Injection Attacks

Following a sudden spike in SQLMap threats, I was looking at the default action for SQL injection threats and I noticed that it is only an "alert", which seems odd for that kind of attack. Has anyone looked deeper into this and/or changed the action, and is there a reason for this not being a reset/drop action?

djr by L4 Transporter
  • 23995 Views
  • 6 replies
  • 0 Likes

Cisco Umbrella/OpenDNS queries now being flagged as threat 18003

We use Cisco Umbrella/OpenDNS for secure DNS and web protection. The Cisco Umbrella setup guide says that they use DNSCrypt for secure DNS queries. This setup has worked flawlessly for years until about two weeks ago. We began getting alerts that the two IP addresses from OpenDNS (Cisco Umbrella) are now being flagged periodically as threat 18003 DNS ...

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat category dns and is reported as Suspicious DNS Query (generic:malicious.domain2).

mike406 by L2 Linker
  • 4770 Views
  • 1 reply
  • 0 Likes

Authorized file suddenly blocked as threat

We came into the office this morning to receive reports from users that they weren't able to access their core application, which runs on an Apache web server. When they log in, the Internet Explorer URL directs the users to www[whatever-url]com/login.jsp . Our clients download the file login.jsp when they access the login portal for the webpage. ...

Resolved! URL wildcard use

We have the insufficient-content category blocked, and when trying to allow a specific URL using a wildcard I am having issues. When *.figuringoutmelody.com is used, it is allowed on port 80 only, while SSL gets blocked. The website seems to redirect from www.figuringoutmelody.com to https://figuringoutmelody.com and when I used figuringoutmelody.com just as ...

raji_toor by L4 Transporter
  • 14039 Views
  • 2 replies
  • 0 Likes

MINEMELD CSV OUTPUT to ArcSight Logger SIEM

Hi, I have MineMeld running on Ubuntu 14.04 LTS and everything is OK. I configured CEF output and now I'm looking for a CSV output, that is, for inputting into ArcSight Logger in order to use this CSV in lookups to match events. Has anyone found/created any node output like this? Searched on GitHub and here but without success. Thanks

Fumaca14 by L0 Member
  • 3476 Views
  • 0 replies
  • 0 Likes

C&C Traffic Direction re China Chopper

Hi, sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o) I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on. The thing is the threat reports are showing Inbound China Chopper C&C traffic to some of our servers. It's...

djr by L4 Transporter
  • 6371 Views
  • 2 replies
  • 0 Likes

Help with Microsoft DCE RPC Big Endian Evasion Vulnerability 33510

I have Googled this and read up on numerous links, but I cannot find anything of value on this threat ID. I have 30-40 events a day from various IP addresses on my network, usually 1 event per IP, sometimes 2 events. I have scanned several of the PCs with 3 different popular scanners; nothing found. I have monitored the traffic from the PCs an...

smc007 by L1 Bithead
  • 7096 Views
  • 1 reply
  • 0 Likes

Blocked URLs are not getting blocked anymore

I configured a URL filtering profile that doesn't filter any category and just blocks 2 URLs as a test. This was working a few days ago but stopped. There have been no new changes committed since, and the security policy is still in the same order. Even looking at the policy, it makes no sense why this is not working. I have a security profile ...


Threat blocked by Palo Alto: Is there anything else to do?

Hi, when the Palo Alto blocks a communication that is flagged as a threat (i.e. SQL Injection, XSS, etc.), should we investigate the target IP to make sure that the threat was blocked? The reason I'm asking is that whenever the Palo Alto blocks an attack from an IP address (Session End Reason is "threat"), if we go into the "Traffic" view, we can see...

yschinck by L1 Bithead
  • 4712 Views
  • 2 replies
  • 0 Likes