Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.

Discussions

URL Blocking not working

Hello

Can anyone explain why this doesn't work?

I added misoft5.s3.us-east-2.amazonaws.com and misoft5.s3.us-east-2.amazonaws.com/* to my blocked URL list.

If I type in misoft5.s3.us-east-2.amazonaws.com in a browser I get the BLOCKED page. All is well.

...

Threat ID 52019

Hi,

I'm trying to get some information on "Threat ID 52019", as I found only 1 document referencing it in the Palo Alto Knowledge Base. The information provided does not describe it. Is there a way to get more information on this? FYI, I don't have a

...

ppradhan by L0 Member
  • 3396 Views
  • 3 replies
  • 0 Likes

Minemeld alternative

Hello,

One of our customers is dependent on their partner for Minemeld EDL

The Partner is hosting the Minemeld server and now our customer is planning to build their own Minemeld

As Minemeld is no longer supported by PAN and is purely an open Source s

...

malware.azjf C2 traffic

Hi,

I am seeing a lot of traffic being identified as malware.azjf C2 traffic over the last couple of days since the last threat update. I have noticed a pattern that users are visiting WordPress websites that use the owl carousel plugin and checking t

...

NetBIOS in today's world

Hi Community,

I'm curious about your opinions on NetBIOS traffic.

I'm aware that you can disable NetBIOS per interface via ncpa.cpl or via DHCP options.

With typical customers and current systems, you still see NetBIOS connection between Windows sys

...

Chacko42 by L4 Transporter
  • 2378 Views
  • 2 replies
  • 0 Likes

Content-ID - Hold Client Request

Hi All,

I'm curious to know how many of you have implemented the URL Filtering best practise, Content-ID - 'Hold client request for category lookup' feature? This feature is of particular interest to me because without this feature, the logs of other

...

Josh990 by L2 Linker
  • 2294 Views
  • 0 replies
  • 0 Likes

Resolved! Possible false positive C2 traffic

Hello,

Starting on 31st of October following the threat and content update 8480-7019, we noticed that traffic to WordPress sites ending in the URL wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js is being flagged as generic C2 traffic. Che

...
