01-30-2015 05:53 AM
I frequently come across threat notifications where the info in the Threat DB is so sparse as to make the notification useless.
Take for example my threatid du jour, 13742.
"This signature detects NUCLEAR.Gen Command and Control Traffic."
That's it. Try googling around to see what this is all about.
How do you go about filling in the missing blanks in the ThreatDB?
What do I do, blindly reimage the machine(s) because I have no way of ruling out a false positive?
01-30-2015 06:00 AM
Try searching the Threat Vault for more information:
https://threatvault.paloaltonetworks.com/
For example, I did a search for "NUCLEAR" and got two hits
01-30-2015 06:00 AM
Try searching the Threat Vault for more information:
https://threatvault.paloaltonetworks.com/
For example, I did a search for "NUCLEAR" and got two hits
01-30-2015 07:08 AM
Thanks. I had only looked in the Spyware category (by threatid).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
