Downloading TMS On-Prem Broker VM

How long i need to wait until i can download On-Prem Broker VM on Support Portal Software Update after activating TMS service on HUB

because until now i can't see menu <Filter the results by On-Prem Broker VM> on the software update menu

IPS detects HTML SQL Injection attempt (35827) only after WebServer returns 302 on original request

During an event investigation, noticed the following behavior:

1. Attacker sends SQL injection request to WebServer (that sits behind a Palo-Alto).
2. WebServer answers with HTTP 302 to redirect to error page (the error page is basically "/error.aspx/[origi

Wind River VxWorks

Is Palo Alto working on signatures/rules for the CVE's listed below ( ICS Advisory (ICSA-19-211-01) )?

CVE‐2019‐12255

CVE‐2019‐12256

CVE‐2019‐12260

CVE‐2019‐12257

CVE‐2019‐12261

CVE‐2019‐12263

CVE‐2019‐12258

CVE‐2019‐12262

CVE‐2019‐12264

CVE‐2019‐12259

CVE‐201

Threats on port 80 for globalprotect external interface?

We have been getting more and more threat alerts for our outside interface, that hosts our GlobalProtect portal/gateway, and in every alert its because the destination port is 80.

Ive checked and if you browse to our portal on http it redirects to th

Top 20 Outbound IP Report

We have a new security director and I have been tasked with created a few reports about IP traffic. 

The request for for the following:

-Top 20 outbound IPs that are NOT in the DNS cache

-Top 20 outbound IPs by data sent

-Top 20 outbound IPs by connectio

connections firewall to ldap

Hello, i need your help. Iwould like to know how the ildap connection woks. Why are there connections between the PAN directly to the pc and does not go through the AD server?

Is this behavior normal?

The security departament says it´s not normal or th

Remote Desktop Services Vulnerability (CVE-2019-1181, 1182, 1222, 1226)

Anyone know which Content Update (released or upcoming) might contain a mitigation for CVE-2019-1181, 1182, 1222, 1226?

I understand there was an original advisory -> CVE-2019-0708 but I'm wondering if there is a specific update for the more recent a

Application risk factor

Is there any document explaining how and why an application is assigned a certain risk factor?

DNS Sinkhole - What constitutes investigation?

I have implemented DNS sinkholing and am curious what constitutes investigation. I am seeing some clients hitting the sinkhole but only for a short period (1-2 minutes or less).

I'm not sure if these could be drive-by download attempts, or what they

CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Why are APPID and Threats not Separate Updates?

Don't tell me how to fix this, I already know how it works.

I need to know why Palo Alto does not have a separate APPID update and Threat update just like AV and WF are separate. 

Using PA as an everything device we actually need Vulnerability and Ant