Advanced Threat Prevention Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Houdini RAT

Hi Team,

Please let us know whether Palo Alto firewall has updated signatures to detect Houdini RAT

Thanks and Regards,

TAC

Stop vulnerability scanning based on app-id

We have created a custom app id for internal only traffic that is currently generating false positives in our vulnerability scanning.

We ideally would like to stop this particular app-id from being scanned for vulnerabilites or at least a specific vu

...

Resolved! Threat been dropped and yet allowed on the next try?

Hi all. I am reviewing the "Threat" section on the Palo Alto firewall and I noticed some weird thing, perhaps it is normal, but I can't tell, thus this thread. There are couple of threat in the "Critical" category indicated with the "dropped" actio

...

spam-urls ?

Running PAN-OS 6.1.15 and content 709, when I filter for "spam-urls" (a category that I wasn't really aware of previously), Panorama returns "extremism" hits. Am I missing a trick here or is something broken?

Resolved! Setting enhanced security for spyware IDs 14978 and 14984

I am following the document at https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/content-inspection-features/enhanced-security-for-url-category-and-application-based-policy in order to change the default action for spyware IDs

...

"Whitelist" a brute force attack

Hi all,

we run a cron job from one intern server to another.

Because of this we get alerts in the threat tab and the threat tab is full of this. I don´t want to see this alerts anymore.

I create under Objects/vulnarebility protection/ a new profile:

In

...

Threat ID ranges definitions

Hello Threat Team,

Hope everyone is well today. We came across a Threat ID 6000400 which falls under an Antivirus Signature Range: SWFZWS: 6000000 - 6000500 (Ref: https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/Threat-ID-Ranges-in-

...

Vulnerability Protection Profile - Trigger Values in Exceptions

Hi,

I'm having trouble understanding how trigger value adjustments work in Vulnerability Protection Profiles when IP exemption lists are used.

I've looked online but not found anything that is 100% clear.

I've created a Vulnerability Protection Profile

...

Blocking malicious Java Script Web Attacks

I am seeing too many java script web attacks which are caught by Symantec Endpoint Protection on my end users Workstations. Some of them are listed below.

Web Attack: Malicious Injected JavaScript 14
Web Attack: Fake Jquery Injection 2
Web Attack: Mas

...

Fireball Malware Detection

Hello,

Is there a specific Threat ID or someting else that I can use to identify which systems, if any, are infected with Fireball?

How to view the "Hits" of my Vulnerability Protection Rule

Hello Everyone,

I am quite new to PA, so i would need your suggestion about this.

I created a Vulnerability Protection Rule wherein my goal is once a Signature update arrives (Vulnerability signature), all those that are “Critical” would have an automa

...