Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

HIP Report information

Hi,

Is possible to extract the parameters showed after click the "magnifiying glass" button in Monitor --> HIP Match

Specially the parameters corresponding to “anti-malware” and “patch-management”.

Extracting the .csv log this parameters aren´t showe

...

Resolved! VPP Block IP and URL Filtering

I have two questions, one of vulnerability protection and the other on URL Filtering

For Vulnerability Protection Profiles, is there any downside, such as performance when using the action "Block IP" ?

For URL Filtering, when you're allowing inbound

...

Resolved! Wildfire - no file information

Why there is no file information for what was detected as a virus(Virus/Win32.WGeneric.aiqckt). It shows under threat logs, but not wildfire logs.

Suspicious TLS Evasion Suggestion

In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a proxy and all web traffic gets forwarded to those configured proxy IP addresses, this traffic is getting flagged by our firewalls as suspic

...

When will PAN signatures be available for CVE-2019-0708 ?

When will signatures be available for this?

PA-820 Threat License attack passed

Hello Guys,

This is my first post here and I am very sad.

I am big fan of PA and had a couple of implementations with customers but...

Sadly, last sunday, PA-820 appliances in HA were not enough to stop hackers/attack.

Customer of mine had some public

...

Turn around time for test a site submision

So As a network admin I was disappointed to see that Palo have marked this url as low risk : https://webrecorder.io/

If you do not block this site it allows your users to negate all of your well thought out url policies, yes they can just jump on a po

...

Whitelist Vendor IP range from Paloalto IPS

Hi All, I am looking for more effective way to whitelist a vendor on IPS without whitelisting at the FW as well.

I am looking for traffic from vendore ip range to be completely exempted from Vulnerability / antivirus / Anti-spyware without creating a

...

Resolved! Vulnerability protection for 2020-0674 RCE

Is there a timeline for release of protection for this RCE, following the release of a patch?

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001

What is the meanings for URL and destination under the URL filtering?

the URL showed that URL is maper.info while Destination is iplogger.com

NRD protection

Will enabling an NRD URL filter be able to filter inbound SMTP connections and block for deny emails from a Newly Registered Domain or is it designed to simply block clients from connecting to URLs that have Newly Registered Domains? Is there any way

...

Resolved! PCI: How do I exempt an ASV scanner from the IPS functions (Next-Gen, Vuln-Protection... etc)

We are trying to exempt our ASV scanner IPs from vuln protection, AV, etc... without whitelisting them from the firewall (host/port) rules we have in place. All I can find is exempting IPs based on a single Threat ID.

Thanks.

PCI Scanning Standard:

"

...

How to detect the virus came from which ip

several servers in Data Center are affected by a virus but I am unable to pin point the source. Can anyone assist?

Resolved! PAN-OS 8.0 Blue team help (In a little over my head)

I joined my schools cyber defense team last week, and subsequently volunteered to manage the firewall (Palo Alto VM version 8.0.0). I was supposed to have until the 23rd to learn as much as I could. However, due to scheduling conflicts we were moved

...

Masscan Port Scanning Tool Detection'

I am getting this alert Masscan Port Scanning Tool Detection' what can I do that will stop the scanning, I would think I would need to do more that alert and when I check the threat database it didn't really offer much

Discussions

Welcome to the Threat and Vulnerability Discussion Board

HIP Report information

Resolved! VPP Block IP and URL Filtering

Resolved! Wildfire - no file information

Suspicious TLS Evasion Suggestion

When will PAN signatures be available for CVE-2019-0708 ?

PA-820 Threat License attack passed

Turn around time for test a site submision

Whitelist Vendor IP range from Paloalto IPS

Resolved! Vulnerability protection for 2020-0674 RCE

What is the meanings for URL and destination under the URL filtering?

NRD protection

Resolved! PCI: How do I exempt an ASV scanner from the IPS functions (Next-Gen, Vuln-Protection... etc)

How to detect the virus came from which ip

Resolved! PAN-OS 8.0 Blue team help (In a little over my head)

Masscan Port Scanning Tool Detection'

TID 95187 is not on my signature list

What's the difference between antivirus signatures and WildFire signatures

EDL Dynamic Domain list that is allowed in Anti-spyware profile> DNS Polices is getting sinkholed

false positive 626399763

Are there signature release for CVE-2023-6237 etc?

Re: cytray.exe "bad image" errors following Agent update

Re: cytray.exe "bad image" errors following Agent update

Re: cytray.exe "bad image" errors following Agent update

How can I see if my FW has already been exploited by the CVE-2024-3400?

Query regarding CVE-2024-3400

Unlock your full community experience!

Resolved! VPP Block IP and URL Filtering

Resolved! Wildfire - no file information

Resolved! Vulnerability protection for 2020-0674 RCE

Resolved! PCI: How do I exempt an ASV scanner from the IPS functions (Next-Gen, Vuln-Protection... etc)

Resolved! PAN-OS 8.0 Blue team help (In a little over my head)