More PA region incorrect results

Seems like the region database was updated and has broken US addresses again.. Trying to check a site URL against the PA database at https://urlfiltering.paloaltonetworks.com/ and unable to get there from my corporate network... urlfiltering.paloalto

Name: Suspicious Abnormal RPC Request Found (Unique Threat ID: 38713)

How can I resolve this kind of alert on our internal network? 

The source is our Manage Switch and the destination is our MPLS. 

The alert source comes from the PAN NGFW.

Thank you in advance for your response.

I hope you can help me to strengthen my an

Wildfire reports refuse to connect

Hi Team, 

We are facing an error in wildfire reports after updagrade to 10.0.8h4 . it says wildfire reports refuse to connect.

Please suggest any solution  to check but if i updgrade to 10.1.3 it is working fine in mylab.

Regards

Chetan

Is the Applications and Threats Content updated about CVE-2022-26134 (Remote Code Execution Vulnerability in Atlassian Confluence)?

hello.
I would like to know whether information about the recently announced vulnerability, CVE-2022-26134 (remote code execution vulnerability in Atlassian Confluence), is reflected in Applications and Threats Content.

I have read all the available re

how to verify about bad domains and hashes

I have to block some of DNSs and Hashes since all are addressed as suspicious sources, so I want to know does our DNS security already blocked them or not  

Country Block and security policy ordering

We are currently setting up policies to block all traffic to\from all countries except a select few. The rules are in place and seem to be  working well. As a best practice, do you create a deny rule for all other out of country or do you just let th

Dynamic Updates for Apps went from XML to Binary

Was using the dynamic updates for the app/threat stuff to ingest into my system as it was in an XML file format until recently switched to Binary. Is there anyway to convert that back? 

Memory Corruption Exploit

Good day,

This may be a silly question we have been getting memory corruption exploit Alerts from a certain endpoint. Client does see them as cause for concern.

On a single end point would it be cause for concern to see multiple memory corruption expl

How to detect domain fronting

Hi,

did anyone manage to write a custom signature to detect domain fronting?

PA extracts the Host header, so in theory it should be possible to detect if the Host header is different from the URL?

Alternatively, if one could log the Host header one co

Unit42 STIX 2.0 feeds

I'm running my own Anomali STAXX server. I'm trying to ingest these Unit 42 feeds.  Do they still exist? The page is still up and I registered and created my API keys. No matter what I try to do, I can't get Anomali STAXX to connect. https://stix2.un

ThreatID 81845 - Generic PHP Webshell File Detection false positives

Anyone else seeing a large number of threat alerts this morning for the new generic signatures added last night? Seeing dozens this morning coming from user document downloads from a trusted financial source. I haven't fully decrypted the data yet, b

Uptick in Solarwinds exploit domain flagging

Starting early Saturday morning (4/23) we started getting a large number of DNS threat alerts for 3 domains associated with the Solarwinds exploit. These domains are now resolving to multiple Leaseweb IPs (as I recall, they were NX previously). Diggi

CVE-2022-0778 mitigation with Threat Prevention

Hi,

Following the CVE-2022-0778 vulnerability, I would like to apply the workaround to reduce the risk of attack until the PAN-OS update is released.

According to the security ticket, you have to activate the Threat IDs 92409 and 92411 but how to do

CVE-2022-0778 OpenSSL infinite loop vulnerability

CVE-2022-0778 Impact of the OpenSSL Infinite Loop Vulnerability CVE-2022-0778 (paloaltonetworks.com)

Further to this one, it mentions that Globalprotect is affected but doesnt say whether a client software update is required.

Do you know if the Global