General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Threat email alert throttling

We're setup to email threat alerts, and are getting an email for every alert generated.

Is there a way to throuttle the emails? Particularly for a single threat that is blocked, we don't need 60 emails/min for all the blocks. It would suffice for the

...

CHKlomp by L2 Linker
  • 2586 Views
  • 2 replies
  • 0 Likes

Demisto and Minemeld Integration

I was looking at Demisto and one of the supported integration was Minemeld. I tried adding our Dev Minemeld instance and was having an error saying : TypeError: HTTPError() is not JSON serializable.

I was wondeinrg if anyone was succesfully able to i

...

How to filter O365 API feed?

I would like to filter for indicators with the category "allow" or "optimize" only. How would you define the filter for that? I cannot find that much information regarding filtering using a processor. I hope my steps are correct? 

  1. create a new protot
...

mfepan by L1 Bithead
  • 11333 Views
  • 14 replies
  • 1 Likes

Resolved! Office 365 MineMeld Miner Will Need Updating

Microsoft has announced a change to their Office 365 address and url documentation that I believe will need to be taken into account on the O365 miner in MM.

 

https://myitforum.com/microsoft-phasing-out-office-365-urls-and-ip-address-ranges-resource

...

Resolved! Polling JSON Format for Okta

I am trying to create a prototype for a Miner that pulls IP's from a JSON formatted file. I have looked at the documentation for setting up a JSON miner (https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-MineMeld-to-extract-indicators-from

...

doliver1 by L0 Member
  • 12473 Views
  • 7 replies
  • 0 Likes

Dynamically extract Autofocus tags

I would like to dynamically extract Autofocus tags with all of it's definitions(HTTP Activity, File Activity, Mutex Activity, Registry Activity, Digital Signer,...) to a csv file, or as a feed using Minemeld.

Nonsense configuration changes from "preview changes"

Hello everybody,

 

  from time to time, whenever I commit small changes to my PAN firewalls, if I click on the "Preview changes" button I see (beside my changes) a list of items and configuration partials that are moved around, ie custom report configu

...

grenzi by L3 Networker
  • 3142 Views
  • 2 replies
  • 0 Likes

Global Protect user id and machines

Hi ,

 

Is there anywhere that I can restrict that client vpn user "BOB "using the global protect that can connect only once and not many times the same time from different systems like I have users connecting from the mobiles , tablet and computer the

...

App-id Matching Process

I'm running PA-VM and created with one active rule:

 

From: Inside

To: Outside

Application: Web Basic Application group (ssl,dns,web-browsing,ping)

Service: application-default

Action: Allow

SSL Decryption is disabled

 

 

 

I'm facing issues browsing to website

...

PA-Rules.png
linkedin-server-certificate.png
zizo94 by L0 Member
  • 4224 Views
  • 2 replies
  • 0 Likes

SLL Forward Decryption and Spotify

Hi All,

 

Today I decided to implement SLL Forward decryption. Everything is working great except for one thing, Spotify.  I know what you'll say, "You allow spotify?. Yes, but just for me. With decryption disabled spotify works fine, with it enabled i

...

Adding sub interface to existing interface

We are currently using our 3260 firewall to handle BGP to our MPLS router.
the connection is trunked through our core switch, Native 200, allowed 200 & 255 (mgt & bgp respectively)

Router 1:

G0/1 10.200.254.3 (mgt)

G0/1.255 10.255.255.129/30
Firewall:

E4 1

...

  • 24034 Posts
  • 102 Subscriptions
Top Liked Authors
Labels