security profile malfunction detection

Does anyone have any good log events to key on for notifying when a security profile (antivirus, anti-spyware, vulnerability protection, url, file blocking, wildfire) may not be functioning properly?  I am thinking maybe trying to identify the log ev

URL Filtering Lookup Site Hosting

Has anybody noticed if the location of the Palo Alto URL Filtering test site has moved?

We were previously able to use this to lookup classifications of URLs, but recently we have not been able to.

Our geo-blocking policy prevents our traffic going o

Using XDR to detect and mitigate TunnelVision exploit - Anyone out there started to plan for this?

We have recently become aware of the TunnelVision Vulerability (Link to Ars Technic article on it - https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ ) and are looking for ways to be pr

7zip false positive

Hello. I'm 99% sure this is false positive. I install 7zip 1 year ago, no updates.

SNMP Agent Default Community Name (public)

The community name of the remote SNMP server can be guessed.

It is possible to obtain the default community name of the remote SNMP server.

An attacker may use this information to gain more knowledge about the remote host, or to change the configurat

cytray.exe "bad image" errors following Agent update

Following the Cortex XDR Windows agent update to 8.3.0.49434 we started to see the following error affecting some application DLLs.

Clicking Ok makes the message go away and the application keeps working. TAC case was logged and an temporary Support

Query regarding CVE-2024-3400

Hi Team,

Please help me to understand the below:

Firewall 1 - 10.2, GP portal & Gateway, Device telemetry enabled

Firewall 2 - 10.2, only GP portal & gateway, no device telemetry enabled

Firewall 3 - 10.2, no GP portal and gateway, only device te

CVE-2024-3400 Unit42 Threat Brief / Private Data Reset

Unit42 updated the threat brief at Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22) (paloaltonetworks.com) on 22 April to include remediation steps for each observed level of exploit atte

Query for CVE-2024-3400

Hello Team,

Work around is for mentioned vul is to install latest Applications and Threats content version

Applications and Threats content version 8833-8684 is already installed in our firewall, could you please confirm is our firewall affected?

How can I see if my FW has already been exploited by the CVE-2024-3400?

Hello team

How can we determine if your device logs match the known indicators of compromise (IoC) for this vulnerability?

I have already fixed the vulnerability and I have the TSF of my device and I want to see if I have been exploited before applyi

Firewalls

Hello, I am a student wondering, is a firewall the best for safeguarding sensitive information and network assets 

Is Pan-OS 10.1.12 susceptible to CVE-2023-51384 or CVE-2023-513845?

Is Pan-OS 10.1.12 susceptible to CVE-2023-51384 or CVE-2023-513845?

Our Tenable scans says it is, but I see no fix recommended for it (for any PAN-OS release).   We have updated our ciphers to remediate CVE-2023-48795 but it also still shows up on

How to choose signature for sql-injection?

Hi all, in palo alto, there are 380+ signatures which are related to sql injection, and the default action for all is set to "alert". Now we want to change the action to reset, can anyone please advise how to choose the signature? it is not possible