Welcome to the Threat and Vulnerability Forum
The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb
...
Hi, I have just spotted a treat alert of SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry on the Threat Vault. This seems to be quite an old detection but when I looked around for any further information regarding SkyVPN, I couldn't s
...
I am new to the world of PA and next gen firewalls and took some online training. I discovered that in the Traffic Proccessing phase before App ID gets applied in the Security Policy that the session is already allowed to start if the layer 4 ports
...
Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.
I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted
...
Hello,
Just curious if there is a definition for the new variant referenced here: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Thank you!
I noticed the default action for the new "NAT Slipstreaming Detection" signatures are set to Alert.
How come they are not set to Drop or something else that stops this attack in its tracks?
Also, is there a best practice on protecting against attacks,
...
Hello,
Have anyone else noticed a very large flood of triggered 38716 threat warnings comming from Amazon CDN? That is just a very short fragment:
2018-02-26 13:301801032072THREATvulnerability2018-02-26 13:3052.222.174.180192.168.2.199Microsoft Windo...
We have been seeing SMB: User Password Brute Force Attempt threats coming into our logs. We are not seeing a UN accompanied with the the traffic and the are using port 445. This just popped up recently and we are not seeing anything malicious on th
...
hello,
we have an issue in minemeld service disabling access to the web server giving 403 error.
The details is in screeshots.
Any help please ?
Hello there,
We have a constant brute force attempt on port 25 of our email server. We put the vulnerability profile to block these attacks and consequently block the ip for 3600 seconds, however in some cases this ip will try again immediately after
...
Hi Team
How to block below hash value. Please help us
4ad20bcd0f915acba7817e0639fcbf4f713beb8ac35112134808d4e5f753d519
86800f9e3b563eaeba1d84d431b83405b2118300c0ad2deab39a093d4b9093c5
96a64cccb55f7b42711015054ddd6ac45459643aa17c13248c6e344dc787cbfd
aad97
hi Team.
Our production application triggered the "HTTP SQL Injection Attempt" threat alert, mainly ID: 33338 and ID: 36056 and ID: 36239 and ID: 54608; affecting the production business; an exception has been made, how can we determine which SQL stat
hi all, I'm trying to add a regex data pattern for the word Orion. It works everywhere, but Palo Alto just refuses to except it and gives no reason. This is standard regex syntax
([oO][rR][iI][oO][nN])
I need the word "orion" in every possible combi
...
I set medium to drop in the vulnerability protection profile,
but when I check the log, Severity is medium, but action is alert. Why not drop?
If you check the verbose log, the type is url and action is alert. Severity is informational.
In this case,...
Hello everyone,
I am a newbie here. Perhaps anyone here can tell me how to set my PA-28 firewall to block unauthenticated inbounds connections by default. Thanks
Hi,
Is there a way to know what a specific threat ID checks for? We enabled SSL inspection for SMTP traffic and Palo started to flag every e-mail with threat ID 56951 (non-RFC compliant SMTP traffic), but ThreatDB does not provide anything useful
...
OtakarKlier
on:
Denial of Service Investigating
PavelK
on:
CVE-2023-38802
PavelK
on:
Vulnerability Protection Profile
