Modify Security Policy rule - application depends on

when creating rules sometimes you see the "Depends On" in the right side in the Application screen and it lists "websocket or ssl". If I specify specific applications like ms-update or etc and it shows depends on "ssl or websocket" on the right, woul

Administrator Login using Azure Groups through Cloud Identity Engine

I seem to be finding conflicting info (or none at all) and everything I've tested so far hasn't worked.  

Is it possible to authenticate an Azure user through Cloud Identity Engine and then give them 'administrator' access to Panorama/PanOS based o

Technical Inquiry – Does PA-400 Series Support USG/BSG Functionality?

We are evaluating the PA-400 Series (including PA-410, PA-415, etc.) for use in an industrial SCADA application that is subject to critical cybersecurity requirements, particularly those set by our national utili

Question About Categorizing Domains to Suppress Correlated Events

Hi all,

We are using Palo Alto firewalls in our network, running PAN-OS 10.2.12-h6.

When navigating to Monitor > Automated Correlation Engine > Correlated Events, we often see entries like the following: “Host repeatedly visited uncategorized domain

STATIC NAT NOT WORKING

Please consider below topology in which PC-1 - 3 are connected to Cisco Switch and having a gateway 192.168.1.1 configure on firewall. Firewall rule is any any and all the PC can ping the IT PC with actual IP. Now I want to deal with the scenario whe

cli error messages during boot

Dear community,

after factory resetting one of our pa220s i am seeing multiple error messages during boot up

PA-410 HA Not synchronized error

Hi Team ,

I have PA-410 HA without PANORAMA. OS: 11.1.6-h3

not synchronized error

When I try to download or install DLP plugin.

Thanks

Sushant

CVE-2023-48795 Vulnerability

Hi Community,

I have my firewall been exposed to CVE-2023-48795 Impact of Terrapin SSH Attack. Currently, based on the Palo Alto Security Advisories, I could see that PAN-OS version that are above than 10.1.15 are unaffected to this CVE. Upon check

File Integrity Monitoring using Cortex via Corelation Rule

Dear all,

I'm looking for FIM on Linux (like etc/shadow),

I try with previous conversation use this query:

dataset = xdr_data

|filter event_type = FILE and (event_sub_type = FILE_CREATE_NEW or event_sub_type = FILE_WRITE or event_sub_type = FILE_RE

helps generate an XQL to notify when a USB is connected

I am trying to use Cortex XDR so that when a user connects a USB storage device I receive a notification by email.

so far I have used this XQL:

preset = device_control
| filter event_sub_type = ENUM.DEVICE_PLUG

which tells me when any USB device