Welcome to the Threat and Vulnerability Forum
The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb
...
Hello all,
I've been receiving these vulnerability alerts, ID 40031, for some time now between two servers, (DMZ to inside), using port 80 (SOAP) and the severity level is high, but I have the action set to "alert" which is the default. I truly do not
...
We are currently setting up policies to block all traffic to\from all countries except a select few. The rules are in place and seem to be working well. As a best practice, do you create a deny rule for all other out of country or do you just let th
...
Was using the dynamic updates for the app/threat stuff to ingest into my system as it was in an XML file format until recently switched to Binary. Is there anyway to convert that back?
Hi Team,
We are facing an error in wildfire reports after updagrade to 10.0.8h4 . it says wildfire reports refuse to connect.
Please suggest any solution to check but if i updgrade to 10.1.3 it is working fine in mylab.
Regards
Chetan
Good day,
This may be a silly question we have been getting memory corruption exploit Alerts from a certain endpoint. Client does see them as cause for concern.
On a single end point would it be cause for concern to see multiple memory corruption expl
...
Hi,
did anyone manage to write a custom signature to detect domain fronting?
PA extracts the Host header, so in theory it should be possible to detect if the Host header is different from the URL?
Alternatively, if one could log the Host header one co
...
I'm running my own Anomali STAXX server. I'm trying to ingest these Unit 42 feeds. Do they still exist? The page is still up and I registered and created my API keys. No matter what I try to do, I can't get Anomali STAXX to connect. https://stix2.un
...
Anyone else seeing a large number of threat alerts this morning for the new generic signatures added last night? Seeing dozens this morning coming from user document downloads from a trusted financial source. I haven't fully decrypted the data yet, b
...
Starting early Saturday morning (4/23) we started getting a large number of DNS threat alerts for 3 domains associated with the Solarwinds exploit. These domains are now resolving to multiple Leaseweb IPs (as I recall, they were NX previously). Diggi
...
Hello ,
Just want to know if PAN-DB and Advanced URL are different licensing
If Advanced URL is purchased , does it cover PAN-DB
We have a customer who puchased Advanced URL , but not PAN DB
Hi,
Since we have installed Apps & Threats update v8559-7361 we see that multiple ip address spaces are incorrect categorized.
Before the upgrade those ip address spaces where categorized as US and after the upgrade categorized as CN (China)
Is it poss
...
Hi,
Following the CVE-2022-0778 vulnerability, I would like to apply the workaround to reduce the risk of attack until the PAN-OS update is released.
According to the security ticket, you have to activate the Threat IDs 92409 and 92411 but how to do
...
CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (paloaltonetworks.com)
Further to this one, it mentions that Globalprotect is affected but doesnt say whether a client software update is required.
Do you know if the Global
...
howdy,
I can not get my head around how to do this.
Allow smtp from a country but block every other service, application.
You can negate countries but not services/applications.
can one do any/any with an exception?
Thank you
Hi,
One of our runs vulnerability Assessment on LAN Interface of the PA NGFW, And they are getting SSL/TLS Client-Initiated Renegotiation vulnerability, Please help me to remediate the same.
