-
Welcome to the Threat and Vulnerability Discussion Board
Welcome to the Threat and Vulnerability Forum The purpose of this forum is to discuss security vulnerabilities...
03-27-2017 Posted by N/A0 Replies3 Likes4588 Views
-
Spyware with DNS Protection
Hi All,Our Firewall drop DNS traffic of C&C (us.jaxonsorensen.club, news.sqllitlerver.info & log.oslog...
06-02-2020 Posted by Khai-Huynh3 Replies0 Likes143 Views
-
incorrect destination zone in threat logs
Hi,if the firewall is configured with zone protection profiles and the setting "set system setting additional-...
06-03-2020 Posted by JuergenHolzer1 Replies0 Likes83 Views
-
DNS issues after implementing GeoBlock policy.
Hey guys, wanted to see if I can can get any input on this here - had to Geoblock one of the countries for inb...
05-28-2020 Posted by MKarasev2 Replies0 Likes175 Views
-
SSL Self Signed Certificate Vulnerability
Does anybody know how to mitigate this vulnerability? This is being detected on our PA-3020 series firewalls r...
05-28-2020 Posted by Fr4nk42 Replies0 Likes186 Views
-
Microsoft office/teams malicious traffic
We are seeing bunch of Microsoft office 365/teams related traffic categorized as vulnerable/virus. But we don'...
05-19-2020 Posted by raji_toor1 Replies0 Likes279 Views
-
Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbe...
Hi Team,These are the below sign identified in our network and want to know the reason for this trigger.Please...
05-14-2020 Posted by Veerendra7 Replies0 Likes822 Views
-
Virus/Win32.WGeneric.ajqxax
Starting yesterday I have seen virus alerts on my firewall relating to the above virus. The file names in ques...
05-14-2020 Posted by hhiggins1 Replies0 Likes292 Views
-
SSH protocol uses Weak key exchange algorithms in PA 500 fo...
Hi Team , PA 500 with 8.1.14 (latest OS ) is having the VulnerabilitySSH protocol uses Weak key exchange algor...
05-12-2020 Posted by Shashihm4 Replies0 Likes508 Views
-
How to stop MortiAgent Malware using the snort rule ?
Software Version9.0.5Problem Description: How to stop MortiAgent Malware using snort rule ?I want to stop the ...
05-07-2020 Posted by Mohammed_Yasin2 Replies0 Likes409 Views
-
Question regarding "reset-both" action
I've been seeing alot of Code Executions on Palo Alto Threat logs, most of them are not applicable on our serv...
04-28-2020 Posted by miyaaccount5 Replies0 Likes804 Views
-
We have enabled ssl inbound decryption and able to exploit t...
We have ssl inbound decryption configured and from outside we are able to exploit the vulnerabilty.Need to kno...
05-06-2020 Posted by MP182 Replies0 Likes374 Views
-
Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGene...
We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message...
05-05-2020 Posted by NiganDong1 Replies0 Likes290 Views
-
Minemeld Syslog Miner Not parsing Messages
Hi, I am working with a new installation of Minemeld running on ubuntu 16.04. if I do a TCP dump I can see the...
04-28-2020 Posted by mmatos1 Replies0 Likes325 Views
-
Tofsee TLS Fingerprint Detection
Hi all,Since the moment we updated our threat database to 8204-5736 we see THOUSANDS of 'Tofsee TLS Fingerprin...
10-31-2019 Posted by Stephen_Elliott24 Replies7 Likes6539 Views
-
How to detect zip bomb file?
Hi,I got following new malicious nature.https://fossbytes.com/zipbomb-unzips-46mb-file-into-4-5-petabytes/http...
07-17-2019 Posted by Mt_1031 Replies0 Likes2186 Views
-
Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe
Hi,Since yesterday April 13/2020 I have been getting Virus alerts in the Threat log on my PAN 3020. It has poi...
04-14-2020 Posted by hhiggins12 Replies1 Likes3993 Views
-
DNS sinkhole v9.0.1
Have 2 HA VMs with 9.0.1Following this article:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threa...
04-11-2019 Posted by ash838 Replies0 Likes3721 Views
-
HIP Report information
Hi,Is possible to extract the parameters showed after click the "magnifiying glass" button in Monitor --> H...
10-10-2019 Posted by RicardoNeira4 Replies0 Likes2585 Views
-
SkyVPN - Really a C2 threat?
Hi, I have just spotted a treat alert of SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry on th...
03-31-2020 Posted by djr0 Replies0 Likes372 Views
-
VPP Block IP and URL Filtering
I have two questions, one of vulnerability protection and the other on URL FilteringFor Vulnerability Protecti...
03-23-2020 Posted by ce10289 Replies0 Likes2392 Views
-
Wildfire - no file information
Why there is no file information for what was detected as a virus(Virus/Win32.WGeneric.aiqckt). It shows under...
03-19-2020 Posted by raji_toor1 Replies0 Likes665 Views
-
URL Filtering
http://shodan.io/ URL is categorized as hacking website.Can someone advise as internal users want access to it...
02-06-2020 Posted by FIDELE8 Replies0 Likes2475 Views
-
ProxyGate.net
Tips appreciated on how to identity and potentially block proxygate.net clients on a campus network. Proxygate...
02-19-2020 Posted by groundLoop2 Replies0 Likes942 Views
-
Suspicious TLS Evasion Suggestion
In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a...
01-17-2020 Posted by Mr_Kaplan2 Replies0 Likes1086 Views
-
EDL - Talos block list
I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effec...
09-18-2017 Posted by solarstone8 Replies1 Likes8142 Views
-
When will PAN signatures be available for CVE-2019-0708 ?
When will signatures be available for this?
05-15-2019 Posted by jgates014 Replies5 Likes5178 Views
-
PA-820 Threat License attack passed
Hello Guys,This is my first post here and I am very sad.I am big fan of PA and had a couple of implementations...
01-30-2020 Posted by KaloyanKirchev1 Replies0 Likes814 Views
-
Reconnaissance Protection tresholds
Hello there,I am in the process of configuring our reconnaissance protection profile and need some advice on b...
11-12-2019 Posted by Gregoryp3 Replies0 Likes1800 Views
-
DNS Tunneling
Im trrying to detect dns tunneling with custom signatures.i have some snort rules to begin.some of you have an...
02-05-2020 Posted by Torito1 Replies0 Likes782 Views
-
MineMeld sweet32/upgrade?
Getting sweet32 detected on mindmeld server. Trying and failing to update.What is update process for Ubuntu 16...
02-06-2020 Posted by craymer0 Replies1 Likes725 Views
