Threat & Vulnerability
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform. (458 Posts)
Traps Advanced Endpoint Protection prevents cyber breaches by protecting and enabling users to conduct their daily activities, and automating prevention by autonomously reprogramming itself using threat intelligence gained from WildFire. (337 Posts)
A forum to ask or share about Data Loss Prevention (DLP) strategy. DLP ensures sensitive or confidential information doesn't leak outside of the corporate network. Let's rethink DLP together. (11 Posts)
This forum is to discuss Palo Alto Networks' Next-Generation CASB, an integrated, multi-faceted CASB solution that helps security teams meet the security challenges of today. (9 Posts)
Discussions about IoT Security — aka the Internet of Things — a cybersecurity strategy that safeguards against the possibility of cyberattacks which specifically target physical IoT devices that are connected to the network. (17 Posts)
Using the user data script below in an AWS EC2 instance, I tried to install the Cortex XDR agent. During this process, when I looked into the system log, I found an error: ./setup.sh: line 731: /opt/traps/bin/cytool: cannot execute binary file. Please let me know
...
Hello, everyone.
I would like to ask if anyone has used both XDR-Pro and XDR Prevent on the same XDR Tenant? XDR is judged by whether the Agent Profile has XDR-PRO enabled or not, right? Is there any problem with the Licence calculation? Thank you!
Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for anonymizers and proxies. I also have explicit rules that loo
...
In Cortex XDR, what changes on an endpoint could cause duplicate endpoint instances to appear?
Example: Host A appears twice, but one instance is connected, the other instance has a connection lost status and is using a different IP address.
Under
...
Good morning, I have a problem with Hyper-V and GlobalProtect VPN. When using the GlobalProtect connection, the network in Hyper-V does not work even if I configure the PANGP Virtual Ethernet Adapter. Does anyone know what can be done to make it wor
...
Are all of the Enterprise DLP functions performed in the DLP cloud service or are some of the functions performed on the NGFW?
From the E-DLP data sheet:
"Embedded in a next-generation firewall (NGFW) as a cloud-delivered service that inspects web
tr
Hi,
Regarding CVE-2023-38802, DDOS in BGP software, would this apply only to public ASNs/BGP sessions established on public internet? I have BGP configured on PAN firewalls but only running BGP over IPSec tunnels using private ASNs
I would thi
...
Hello,
While doing testing around our security controls, we intentionally tried to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download. However, although Palo Alto did alert with multiple threat names starting with "Hac
...
Hi Team
We have Cortex XDR with a Pro per TB license. We have also configured a syslog receiver in the BVM, and we can see the raw data of Cisco and other vendor switches as well as routers. My concern is, is it possible to ingest this kind of data into the data lake?
...
He is getting the sync error below,
URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji
I have gone through the below art
...
Hi all,
Has anyone seen this critical threat, which is correlated in our environment with Google Mail?
This event started with content-8770-8365.
I can see that Palo Alto made some changes in Modified Anti-Spyware Signatures in the release notes.
It simp
...
Good morning,
I would like to know if there is a way to leave a field blank when editing an asset. For example, when I change the information of an asset that has been detected wrongly, it does not allow me to leave the OS Family section blank. Is the
I want to align an engineer for the case raised mentioned in the subject. Please help in doing so asap
Hi Community,
Lately we are noticing, in one of our clients' environments, that the PA is flagging traffic to "mail.google.com" as Spyware. The captured signature is "sliver framework command and control traffic detection".
I did run the captured URL "m
...
Good morning everyone, I was wondering if there is a way to delete an asset in IoT Security. I think I should have put it this way: if at some point there was a device that has been detected correctly but for whatever reason has been removed, it should be abl
...