Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Virus/Win32.WGeneric.ajqxax

Starting yesterday I have seen virus alerts on my firewall relating to the above virus. The file names in question are Teams.nuspec and Teams-1.3.00.12058-full.nupkg. Googling around it appears the files are legit. File 1.3.00.12058-full.nupkg is the

...

hhiggins by L2 Linker
  • 4559 Views
  • 1 replies
  • 1 Likes

DNS sinkhole v9.0.1

Have 2 HA VMs with 9.0.1

 

Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/identify-infected-hosts.html

 

In section 3), how does this need to b

...

ash83 by L2 Linker
  • 9808 Views
  • 8 replies
  • 0 Likes

HIP Report information

Hi,

 

Is possible to extract the parameters showed after click the "magnifiying glass" button in Monitor --> HIP Match

 

Specially the parameters corresponding to “anti-malware” and “patch-management”.

 

Extracting the .csv log this parameters aren´t showe

...

10-10-2019 12-59-26.jpg

Resolved! VPP Block IP and URL Filtering

I have two questions, one of vulnerability protection and the other on URL Filtering

 

For Vulnerability Protection Profiles, is there any downside, such as performance when using the action "Block IP" ? 

 

For URL Filtering, when you're allowing inbound

...

ce1028 by L4 Transporter
  • 8671 Views
  • 9 replies
  • 0 Likes

Suspicious TLS Evasion Suggestion

In our environment, we use another product for web traffic decryption/inspection. Since that product acts as a proxy and all web traffic gets forwarded to those configured proxy IP addresses, this traffic is getting flagged by our firewalls as suspic

...

  • 511 Posts
  • 71 Subscriptions
Top Liked Authors