Multiple events "A Successful login from TOR"


L1 Bithead

Hi,

 

We are seeing a lot of events from CORTEX "A Successful login from TOR".  Anyone else with this problem?

 

Seems to be a bug.

 

 

18 REPLIES

L0 Member

Yes, registered here just to confirm I'm not the only one

L0 Member

We're seeing the same thing as well.  Still trying to get confirmation from Palo Alto.

L1 Bithead

We have a Palo Alto partner that told us it is a false positive and that the events started when this BIOC was updated, but it would be good to get a confirmation from Palo Alto.

 

L0 Member

Seeing the same thing. Started about an hour and a half ago. Makes no sense to us. Opened a case with support but haven't been contacted yet. Looks like a BIOC rule issue to me.

L0 Member

We were seeing the exact same things but the alerts stopped about 20 min ago.

L0 Member

Looks like it is this BIOC update that has caused the problem. Info on the update here.

https://live.paloaltonetworks.com/t5/cortex-xdr-articles/content-release-notes/ta-p/257570

L2 Linker

Same here.  No Official answer yet from PaloAlto Support

L2 Linker

Same here...

 

L4 Transporter

Hi everyone!

 

Thanks for reaching out to LIVEcommunity!

 

It appears that you guys are aware of an ongoing issue at the moment.  It appears a bad BIOC rule went out with a recent Content Update.  Our support teams are aware and they are currently working on the issue.

 

Right now there's nothing you need to do.  You don't need to start a support case.  

 

As the situation changes I'll try to make sure that this thread is updated with any new information.

Hi Anlynch

 

Thank you for your answer.

Could you share Palo Alto's official communication in this thread when it's resolved?

Thank you in advance,

Best regards.

L0 Member

We had the same issue. 15 alerts from 3:06PM to 4:03PM CST.

L0 Member

Love getting woken by the NOC for false positives

116 Alerts from 06:09 to 07:23 AEST (UTC+10)

L0 Member

Confirmed bug by Palo Alto - Cortex support!

L0 Member

We did see this issue today creating continuous alerts for this BIOC rule for almost 2 hours. The community sharing really helped. 
