Threat & Vulnerability Discussions

Welcome to the Threat & Vulnerability Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Palo Alto Firewall Swap Problem appliance is 100% (fully utilized)

Hello Team,

we Faced an problem for as the following below :

(active)> show system resources

top - 08:06:55 up 277 days, 16:43, 1 user, load average: 0.21, 0.14, 0.14
Tasks: 124 total, 3 running, 120 sleeping, 0 stopped, 1 zombie
%Cpu(s): 3.4 us, 1.6 sy,

...

How to block a specific file with hash value?

Hi Guys, I am using a pair of PA820 with TP, URL Scan and WF. I received a list of hash values from my Authority but couldn't find any hits on VirusTotal. Without doubting my big boss, I wanted to manually block it in the firewall but could not find

...

Resolved! Possible false positive C2 traffic

Hello,

Starting on 31st of October following the threat and content update 8480-7019, we noticed that traffic to wordpress sites ending in the URL wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js is being flagged as generic C" traffic. Che

...

False positive - Cisco HyperFlex HX Remote Command Execution - ID: 91836

Beginning this morning we are seeing lots of apparent false positives for threat ID: 91836 - Cisco HyperFlex HX RCE, which was added to the threat database last night. The destination server is in Wells Fargo IP space and we have determined that this

...

01996968

Is there any update ? could not find the case at portal ? Can you navigate ?

Resolved! About threat Prevention Subscriptions version installed offline

I installed a PA220 version 9.1.4. I was wondering how should I install threat Prevention.

I can't connect the perimeter wall to the Internet for some reason.

I have imported the license offline.But I don't know how to install this product offline.

Can

...

Vulnerability found on Firewall Need to address

Hi Team,

We are getting following vulnerabilities on one of our PA Firewall. Kindly suggest the next PoA regarding mentioned vulnerabilities.

Plugin

Plugin Name

Family

Severity

IP Address

Type

84502

HSTS Missing From HTTPS Server

Web Servers

Medium

x.x.x.x

Pa

...

Resolved! DNS Security Service interfering with SPAM filter

I have the DNS Security Service and it is set to sinkhole various malicious domains, including newly registered ones. The problem is that our on-premise spam filter tries to do lookups against the sending domain when we receive email, and I believe t

...

Certificate vulnerabilities

I have found several of my network devices are showing up within our vulnerability management scanner with X.509 Certificate Subject CN does not match the entity name as a vulnerability. This is more than likely a DNS issue as I do not have any netwo

...

CVE 2021-3050 Fix firmware upgrade

Hey guys as we know the above advisory resolve in PANOS 10.0.8 and above so in the solution, Palo alto says they will resolve it in September can I get to know the status of the new firmware or can I download the 10.1.0 but that is not the stable ver

...

Help with Threat log SCAN: Host Sweep

I am looking for assistance interpreting a report that shows “SCAN Host sweep traffic” in my threat log. There are multiple internal sources scanning multiple destination IP addresses that I do not own. The daily number of scans detected from each so

...

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

we have updated a Firewall last week to version 9.1.13 on July 16, 2021, after this update we have threat alerts = "Compromised or manufacturer default password found in HTTP Basic Authentication >> 50 alerts in 1 hour.

we have forced the users to cha

...

Resolved! Getting SMB brute force logs

hey, guys hope you are doing well One of my customer getting the logs of SMB: User Password Brute Force Attempt for a particular user as the user is connected to Global VPN to LAN the port 445 getting reset both traffic logs in threat logs all things

...

Resolved! Need an threat id .

I need to block these gamarue & avalanche-andromeda malware family please provide me the Thread-ID for this.

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

Hello,

I would like to add a policy for External Dynamic List in Panorama as a pre-rule for a particular device group. However, I am not able to see the Malicious IP addresses and High-Risk IP addresses in Panorama.

Kindly suggest.

Thanks

Discussions

Welcome to the Threat & Vulnerability Discussions!

Rules and Best Practices

Palo Alto Firewall Swap Problem appliance is 100% (fully utilized)

How to block a specific file with hash value?

Resolved! Possible false positive C2 traffic

False positive - Cisco HyperFlex HX Remote Command Execution - ID: 91836

01996968

Resolved! About threat Prevention Subscriptions version installed offline

Vulnerability found on Firewall Need to address

Resolved! DNS Security Service interfering with SPAM filter

Certificate vulnerabilities

CVE 2021-3050 Fix firmware upgrade

Help with Threat log SCAN: Host Sweep

Threat : Compromised or manufacturer default password found in HTTP Basic Authentication

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama

PAN-OS logs

Are there signature release for following vulnerabilities?

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Exfiltration Shield - Prevent data exfiltration via DNS relay attack

Re: URL Blocking not working

Unlock your full community experience!

Rules and Best Practices

Resolved! Possible false positive C2 traffic

Resolved! About threat Prevention Subscriptions version installed offline

Resolved! DNS Security Service interfering with SPAM filter

Resolved! Getting SMB brute force logs

Resolved! Need an threat id .

Resolved! Malicious IP addresses and High Risk IP addresses objects are not listed in Panorama