Advanced Threat Prevention Discussions
Welcome to the Advanced Threat Prevention discussion area. Here, we explore Precision AI-powered protection that stops zero-day malware, exploits, and command-and-control attacks in real time—ensuring proactive defense and resilience against today’s most sophisticated threats.

Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4172 Views
  • 0 replies
  • 0 Likes

CVE-2017-6770

Hi, I would like to know whether Palo Alto is able to detect CVE-2017-6770, since I can't find it in Threat Vault. Is there any preventive solution from Palo Alto to safeguard against this vulnerability being taken advantage of? Thanks.

"Informational" threat has default action of "drop-reset"

Threat 30861 "Microsoft Windows Server Service NetrServerGetInfo Opnum 21 Access Attempt" has a severity level of "Informational" but a default action of "drop-reset". Is it common for such a low sev level threat to have such a drastic response? It seems like all of the others that I've spot checked have had an "alert" response. It's an older ...

Understanding what the widget for IP destination threats means

Hi All, I am new to Palo Alto and manage a network. Looking through the widgets, there's one for destination IP, with the Threat radio button ticked. The widget shows lots of destinations, and I have been asked whether that means attacks are coming from our network to the outside. From my browsing it means connections to those locatio...

DarkNewt by L0 Member
  • 3275 Views
  • 0 replies
  • 0 Likes

Stop vulnerability scanning based on app-id

We have created a custom App-ID for internal-only traffic that is currently generating false positives in our vulnerability scanning. We would ideally like to stop this particular App-ID from being scanned for vulnerabilities, or at least for a specific vulnerability. Unfortunately I've found no way to create an exception based on ID. Application Over...

illuzian by L0 Member
  • 7518 Views
  • 1 reply
  • 0 Likes

Resolved! Threat been dropped and yet allowed on the next try?

Hi all. I am reviewing the "Threat" section on the Palo Alto firewall and I noticed something weird. Perhaps it is normal, but I can't tell, hence this thread. There are a couple of threats in the "Critical" category indicated with the "dropped" action. Yet when I opened the threat to see the details, I am seeing two timestamps for this event and...

spam-urls ?

Running PAN-OS 6.1.15 and content 709, when I filter for "spam-urls" (a category that I wasn't really aware of previously), Panorama returns "extremism" hits. Am I missing a trick here or is something broken?

notes01 by L2 Linker
  • 8604 Views
  • 4 replies
  • 0 Likes

Resolved! Setting enhanced security for spyware IDs 14978 and 14984

I am following the document at https://www.paloaltonetworks.com/documentation/71/pan-os/newfeaturesguide/content-inspection-features/enhanced-security-for-url-category-and-application-based-policy in order to change the default action for spyware IDs 14978 and 14984. This is on an anti-spyware profile I had already created and in use on an exist...

Bvance by L2 Linker
  • 8400 Views
  • 1 reply
  • 0 Likes

"Whitelist" a brute force attack

Hi all, we run a cron job from one internal server to another. Because of this we get alerts in the threat tab, and the threat tab is full of them. I don't want to see these alerts anymore. I created a new profile under Objects/Vulnerability Protection. In the log I see the threat ID 40031. Should I type this number in Vendor ID? What should I type in ...

Adrijana by L0 Member
  • 10200 Views
  • 2 replies
  • 0 Likes

Threat ID ranges definitions

Hello Threat Team, Hope everyone is well today. We came across a Threat ID 6000400 which falls under an Antivirus Signature Range: SWFZWS: 6000000 - 6000500 (Ref: https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/Threat-ID-Ranges-in-the-Palo-Alto-Networks-Content-Database/ta-p/59969 ). The problem is that the range does not exp...

Fedz by L0 Member
  • 9091 Views
  • 1 reply
  • 4 Likes

Vulnerability Protection Profile - Trigger Values in Exceptions

Hi, I'm having trouble understanding how trigger value adjustments work in Vulnerability Protection Profiles when IP exemption lists are used. I've looked online but not found anything that is 100% clear. I've created a Vulnerability Protection Profile. I've added an exception for a specific threat ID, added a selection of IPs and set them to ...

njuttner by L1 Bithead
  • 5045 Views
  • 1 reply
  • 0 Likes

Blocking malicious Java Script Web Attacks

I am seeing too many JavaScript web attacks which are caught by Symantec Endpoint Protection on my end users' workstations. Some of them are listed below.
Web Attack: Malicious Injected JavaScript 14
Web Attack: Fake Jquery Injection 2
Web Attack: Mass Injection Website 19
Web Attack: W32.Ramnit Attack 4
What worries me is why doesn't our Firewall...

How to view the "Hits" of my Vulnerability Protection Rule

Hello Everyone, I am quite new to PA, so I would need your suggestion about this. I created a Vulnerability Protection Rule where my goal is that once a signature update arrives (vulnerability signature), all those that are "Critical" would have an automatic action of Drop, so that I don't need to manually set the action for "Critical" threats one-by-...
