Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.

Discussions

How to Block RClone

If I search for rclone in the applications on my PAN 3220 w 9.1, I am not spotting "rclone".
Is there a means of identifying and blocking rclone traffic?

https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/

palomed by L3 Networker
  • 1968 Views
  • 0 replies
  • 1 Likes

PoshC2 false positive

Hello,

We are seeing what appear to be false positive detections for the PoshC2C vulnerability signatures that were released recently. Connections going to Google and BBC. Is anyone else seeing the same thing here?

Block on APP-ID (Apache Log4j)

Hello All,

After a bit of help... I have never created a block type rule on a Palo and now my boss wants me to create a block rule for the above.

We have about 300 policies in our firewall, so no idea how to create a block and apply it.

Can anybod

...

Scott64 by L1 Bithead
  • 3538 Views
  • 3 replies
  • 1 Likes

Abnormal SSL traffic on 443

Hello, I was looking into a PAN threat on the logs and I noticed that abnormal traffic is being detected. Does anyone have any ideas to minimize the threat, or best practices, or more possible features I can add to the Panorama?

Thanks

Block High Risk TLDs

Hi All,

I want to start blocking 'high risk' top level domains within PAN-OS. Has anyone else done this successfully?

I presume the following should work based on PAN-OS RegEX:

URL Category:

*.eg/

*.ex/

etc....

Set URL Category to 'Block' within exist

...

Josh990 by L2 Linker
  • 3758 Views
  • 3 replies
  • 0 Likes
  • 498 Posts
  • 63 Subscriptions