Welcome to the Threat and Vulnerability Forum The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb...
We are investigating alerts of this DNS signature for x1.c.lencr.org.I'd expect that a match for a clear text string in a DNS Request that it is very unlikely this is a false detection.However to get alerts so quickly after this signature creation, s...
HelloCan anyone explain why this doesn't work?I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list.If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well....
Hi Team, Current PAN OS -8.1.10Customer had run a VAPT assesment where they came up with certain Vulnerability such as90317 - SSH Weak Algorithms Supported 70658 - SSH Server CBC Mode Ciphers Enabled 71049 - SSH Weak MAC Algorithms Enabled While chec...
Is there anyway to solve those VA issue? 1) 90317 - SSH Weak Algorithms Supported2) 42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)3) 70658 - SSH Server CBC Mode Ciphers Enabled4) 71049 - SSH Weak MAC Algorithms Enabled Kindly help plea...
Hi, I am getting this file blocked as 52041 The file is teams.nuspec sha256 644f0a6755a5574c940fa39bbbcc4a92722ae58ddf0161e665237c6b3252c7d6 This is inside the teams installer. Thanks BizBo
Good Day Everyone , Need your suggestions Google Drive is in our block list 'URL Filtering " , but i want to allow access for specific users . Can you please guide over this
CVE-2021-31166 vulnerability - any possible solutions from Palo to block this? Or create a custom signature.info I came across, but not sure if this is something Palo is planning on adding to their threat vuln protection signatures. See Microsoft has...
A conversation I have been hearing crop up is whether or not customers should be worried about Palo Alto being a Codecov customer and if that means that they are affected as well? Are only direct clients of Codecov affected?
Hi Team, Below screenshot states that the base url firebasestorage.googleapis.com comes under content delivery network and the sub Url comes under phishing where customer wants to know why they were not blocking by the firewall.Also while im checking...
Hi all , We do have a few questions on Logging. 1. Can we exclude the BYOD subnet from alerting as they flooding us with irrelevant logs. (both URL and Threat monitoring)2. Can we exclude some category in URL from sending syslog messages. Example her...
We have an iPad that is triggering our scan block policy as a host sweep. The iPad is attempting to connect to one external (Internet) IP over port 443. It's happened for the past few days to a different external IP each time. Threat vault info.Name:...
After installing a fresh version of PDQ Deploy and/or PDQ Inventory, got two threat notices of this, from our PDQ server to one of our servers it is supposed to scan.Thinking it is a false positive. Virus/Win32.WGeneric win32.wgeneric.bdakpv Threat T...
Hi, It's seems that this file signature should be disabled as it is an official and signed binary from Microsoft of the Silverlight Runtime File Hash: fe1f3cde0bacb77a297360b5e022087456b8bf5bLink to Virustotal report for the file: https://www.virusto...
We have been seeing alot of detections for smbv3 for file detections varying from pdf to any office document. Wildfire has been picking up the traffic, marking it as Threat and either resetting it or alerting on in. This monthly only we have had abou...
I upgrade from Pan os 9.1 to 10.0.5 and i foud some issue in any proxy website with URL category (proxy-avoidance-and-anonymizers ) like https://www.proxysite.com/ it bypass any blocked traffic even with ssl decryption policy ,however other category ...
on:
Mitigation recommendation for certain vulnerability assesment done by VAPT team
on:
Syslog to exclude BYOD subnets from logging
