Welcome to the Threat and Vulnerability Forum
The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb
...
I have two questions, one of vulnerability protection and the other on URL Filtering
For Vulnerability Protection Profiles, is there any downside, such as performance when using the action "Block IP" ?
For URL Filtering, when you're allowing inbound
...
Why there is no file information for what was detected as a virus(Virus/Win32.WGeneric.aiqckt). It shows under threat logs, but not wildfire logs.
In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a proxy and all web traffic gets forwarded to those configured proxy IP addresses, this traffic is getting flagged by our firewalls as suspic
...
I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effectively block in security policies. However, for Cisco Talos block list, it just will not work:
http://www.talosintelligence.com/feeds/ip-fi
...
When will signatures be available for this?
Hello Guys,
This is my first post here and I am very sad.
I am big fan of PA and had a couple of implementations with customers but...
Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.
Customer of mine had some public
...
So As a network admin I was disappointed to see that Palo have marked this url as low risk : https://webrecorder.io/
If you do not block this site it allows your users to negate all of your well thought out url policies, yes they can just jump on a po
...
Hi All, I am looking for more effective way to whitelist a vendor on IPS without whitelisting at the FW as well.
I am looking for traffic from vendore ip range to be completely exempted from Vulnerability / antivirus / Anti-spyware without creating a
...
Is there a timeline for release of protection for this RCE, following the release of a patch?
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001
the URL showed that URL is maper.info while Destination is iplogger.com
Will enabling an NRD URL filter be able to filter inbound SMTP connections and block for deny emails from a Newly Registered Domain or is it designed to simply block clients from connecting to URLs that have Newly Registered Domains? Is there any way
...
We are trying to exempt our ASV scanner IPs from vuln protection, AV, etc... without whitelisting them from the firewall (host/port) rules we have in place. All I can find is exempting IPs based on a single Threat ID.
Thanks.
PCI Scanning Standard:
"
...
several servers in Data Center are affected by a virus but I am unable to pin point the source. Can anyone assist?
I joined my schools cyber defense team last week, and subsequently volunteered to manage the firewall (Palo Alto VM version 8.0.0). I was supposed to have until the 23rd to learn as much as I could. However, due to scheduling conflicts we were moved
...
I am getting this alert Masscan Port Scanning Tool Detection' what can I do that will stop the scanning, I would think I would need to do more that alert and when I check the threat database it didn't really offer much
