For details on cookie usage on our site, read our Privacy Policy
The hunt is on - 0day for java 1.7u10
- LIVEcommunity
- Discussions
- General Topics
- Re: The hunt is on - 0day for java 1.7u10
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-10-2013 01:21 PM
How many hours/days will it take for:
1) Wildfire customers
2) Regular customers
to get protected by a threat-db update regarding the latest 0day exploit for java 1.7u10 (and possible java 1.6u38) as descibed in:
Malware don't need Coffee: 0 day 1.7u10 spotted in the Wild - Disable Java Plugin NOW !
http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/
http://www.cert.se/sarbarheter/sr/sr13-006-oracle-0-day-i-java
?
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-15-2013 05:00 AM
In PA-5.0 admin guide, it say "Supported file types include Win32 Portable Executable (PE) files (e.g. exe, dll, and scr)."
So wildfire scan is still limited to PE files..
Additionally,
File types can be analyzed even if they are compressed (zip, gzip) or over SSL if decryption is enabled in the policy.
And supported file types that are zipped will automatically be sent to WildFire. Don't need to put zip file type in file type box.
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-19-2013 12:47 PM
What is the PA Content update doing for me ? I am a little confused about this set of vulnerabilities. Are there active exploits ? If so, how is PA Stopping/Blocking them ? How could I look in the logs to see specifically which machines are infected / vulnerable.
Thanks,
Justin
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-20-2013 02:40 AM
I think this document should be a good start for you:
Threat Prevention Deployment Tech Note
https://live.paloaltonetworks.com/docs/DOC-3094
And as a bonus:
Designing Networks with Palo Alto Networks Firewalls
https://live.paloaltonetworks.com/docs/DOC-2561
Diagrams and Tested Configurations
https://live.paloaltonetworks.com/docs/DOC-2560
The PA content update is available in two flavours, one with only the appid db and one with appid and threats merged together (which one you use depends on if you have the threat license active or not).
The threat part is then used in the IPS and AV configurations. What you usually do is that you create a threat-profile which you then assign to the security rules you wish to get investigated. An easy example is to create a threat profile with the following configuration:
critical: block
high: block
medium: block
low: default
information: default
This means that threats classified as critical, high and medium will be blocked while threats classified as low and information will use the paloalto recommended default action for each identified threat.
To log the events your security rule must have logging enabled (if im not mistaken) - usually you log on session end.
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-20-2013 04:54 AM
Thanks for that reply. I appreciate it. We're already blocking high and critical threats. Management here has latched onto this specific Java 0 day threat. They want to know which machines are vulnerable. The issue for me is I really dont know what to look for in the logs. Whats the name or number asscociated with this particular set of threats. It seems that every security company has a different name or pattern.
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-20-2013 10:55 AM
Hi Jhickey,
You can go to the following link. Here you can search the threats ( spyware, vulnerabilities, virues ) by names and there id's.
https://threatvault.paloaltonetworks.com/
This should make it easy for you to search for them.
Thank you
Numan
- Looking for some advice on Java Deserialization Protection and Jetbrains IDEA in Cortex XDR Discussions
- Applications hanging on terminal server since Cortex XDR Pro rollout in Cortex XDR Discussions
- Cordex XDR blocking SQL server connection in Cortex XDR Discussions
- CodeMeter protected application error "JVMTI" when using Cortex XDR in Cortex XDR Discussions
- 0day padding oracle exploit on PAN-OS master key decryption? in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
