-
Welcome to the Threat and Vulnerability Discussion Board
Welcome to the Threat and Vulnerability Forum The purpose of this forum is to discuss security vulnerabilities...
03-27-2017 Posted by N/A0 Replies3 Likes4525 Views
-
Microsoft office/teams malicious traffic
We are seeing bunch of Microsoft office 365/teams related traffic categorized as vulnerable/virus. But we don'...
05-19-2020 Posted by raji_toor1 Replies0 Likes164 Views
-
Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbe...
Hi Team,These are the below sign identified in our network and want to know the reason for this trigger.Please...
05-14-2020 Posted by Veerendra7 Replies0 Likes494 Views
-
Virus/Win32.WGeneric.ajqxax
Starting yesterday I have seen virus alerts on my firewall relating to the above virus. The file names in ques...
05-14-2020 Posted by hhiggins1 Replies0 Likes184 Views
-
SSH protocol uses Weak key exchange algorithms in PA 500 fo...
Hi Team , PA 500 with 8.1.14 (latest OS ) is having the VulnerabilitySSH protocol uses Weak key exchange algor...
05-12-2020 Posted by Shashihm4 Replies0 Likes328 Views
-
How to stop MortiAgent Malware using the snort rule ?
Software Version9.0.5Problem Description: How to stop MortiAgent Malware using snort rule ?I want to stop the ...
05-07-2020 Posted by Mohammed_Yasin2 Replies0 Likes291 Views
-
Question regarding "reset-both" action
I've been seeing alot of Code Executions on Palo Alto Threat logs, most of them are not applicable on our serv...
04-28-2020 Posted by miyaaccount5 Replies0 Likes564 Views
-
We have enabled ssl inbound decryption and able to exploit t...
We have ssl inbound decryption configured and from outside we are able to exploit the vulnerabilty.Need to kno...
05-06-2020 Posted by MP182 Replies0 Likes245 Views
-
Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGene...
We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message...
05-05-2020 Posted by NiganDong1 Replies0 Likes210 Views
-
Minemeld Syslog Miner Not parsing Messages
Hi, I am working with a new installation of Minemeld running on ubuntu 16.04. if I do a TCP dump I can see the...
04-28-2020 Posted by mmatos1 Replies0 Likes237 Views
-
Tofsee TLS Fingerprint Detection
Hi all,Since the moment we updated our threat database to 8204-5736 we see THOUSANDS of 'Tofsee TLS Fingerprin...
10-31-2019 Posted by Stephen_Elliott24 Replies7 Likes6256 Views
-
How to detect zip bomb file?
Hi,I got following new malicious nature.https://fossbytes.com/zipbomb-unzips-46mb-file-into-4-5-petabytes/http...
07-17-2019 Posted by Mt_1031 Replies0 Likes2046 Views
-
Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe
Hi,Since yesterday April 13/2020 I have been getting Virus alerts in the Threat log on my PAN 3020. It has poi...
04-14-2020 Posted by hhiggins12 Replies1 Likes3010 Views
-
DNS sinkhole v9.0.1
Have 2 HA VMs with 9.0.1Following this article:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threa...
04-11-2019 Posted by ash838 Replies0 Likes3494 Views
-
HIP Report information
Hi,Is possible to extract the parameters showed after click the "magnifiying glass" button in Monitor --> H...
10-10-2019 Posted by RicardoNeira4 Replies0 Likes2428 Views
-
SkyVPN - Really a C2 threat?
Hi, I have just spotted a treat alert of SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry on th...
03-31-2020 Posted by djr0 Replies0 Likes321 Views
-
VPP Block IP and URL Filtering
I have two questions, one of vulnerability protection and the other on URL FilteringFor Vulnerability Protecti...
03-23-2020 Posted by ce10289 Replies0 Likes2072 Views
-
Wildfire - no file information
Why there is no file information for what was detected as a virus(Virus/Win32.WGeneric.aiqckt). It shows under...
03-19-2020 Posted by raji_toor1 Replies0 Likes575 Views
-
URL Filtering
http://shodan.io/ URL is categorized as hacking website.Can someone advise as internal users want access to it...
02-06-2020 Posted by FIDELE8 Replies0 Likes2202 Views
-
ProxyGate.net
Tips appreciated on how to identity and potentially block proxygate.net clients on a campus network. Proxygate...
02-19-2020 Posted by groundLoop2 Replies0 Likes855 Views
-
Suspicious TLS Evasion Suggestion
In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a...
01-17-2020 Posted by Mr_Kaplan2 Replies0 Likes984 Views
-
EDL - Talos block list
I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effec...
09-18-2017 Posted by solarstone8 Replies1 Likes7869 Views
-
When will PAN signatures be available for CVE-2019-0708 ?
When will signatures be available for this?
05-15-2019 Posted by jgates014 Replies5 Likes5000 Views
-
PA-820 Threat License attack passed
Hello Guys,This is my first post here and I am very sad.I am big fan of PA and had a couple of implementations...
01-30-2020 Posted by KaloyanKirchev1 Replies0 Likes739 Views
-
Reconnaissance Protection tresholds
Hello there,I am in the process of configuring our reconnaissance protection profile and need some advice on b...
11-12-2019 Posted by Gregoryp3 Replies0 Likes1668 Views
-
DNS Tunneling
Im trrying to detect dns tunneling with custom signatures.i have some snort rules to begin.some of you have an...
02-05-2020 Posted by Torito1 Replies0 Likes707 Views
-
MineMeld sweet32/upgrade?
Getting sweet32 detected on mindmeld server. Trying and failing to update.What is update process for Ubuntu 16...
02-06-2020 Posted by craymer0 Replies1 Likes651 Views
-
Help with Threat log SCAN: Host Sweep
I am looking for assistance interpreting a report that shows “SCAN Host sweep traffic” in my threat log. There...
01-16-2020 Posted by hattracker5 Replies0 Likes2245 Views
-
Turn around time for test a site submision
So As a network admin I was disappointed to see that Palo have marked this url as low risk :https://webrecorde...
01-23-2020 Posted by TerryBradford1 Replies0 Likes725 Views
-
Minemeld service doesn't start and cannot access the web pag...
hello,we have an issue in minemeld service disabling access to the web server giving 403 error.The details is ...
01-23-2020 Posted by basem_ibrahim0 Replies0 Likes540 Views
-
Whitelist Vendor IP range from Paloalto IPS
Hi All, I am looking formore effective way to whitelist a vendor on IPS without whitelisting at the FW as well...
12-05-2017 Posted by mnadeem12 Replies0 Likes10634 Views
