Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

class not found

Hello,

I wrote a prototype from panos class.

then created local prototype in committer-config.yml, restarted minemeld, everything is up and running.

Then I created the prototype in /opt/minemeld/local/prototypes/***.yml, I can see it in Web UI.

I cloned

...

zulaa by L1 Bithead
  • 3322 Views
  • 1 replies
  • 0 Likes

Threat Logs

I believe I have everything configured correctly for threat prevention.  Able to see traffic in every log type except for threat.  Licensed and download/install is up to date.  Been through some generic troubleshooting steps that haven't helped.  Any

...

mcragg by L1 Bithead
  • 5006 Views
  • 3 replies
  • 0 Likes

Zone protection working and logging

Hi dears, 

 

I have a query regarding working of #ZoneProtection.

 

What should be the action for #flood protection ?

 

Does the packet allowed or security policy will be checked?

 

Also, packet capture should work if such flood is detected but i am not gett

...

Blocking Tor with Toro

I recently had to work with local and federal law enforcement to resolve the following.

 

http://www.ktvz.com/news/mtn-view-hs-bomb-threat-traced-to-eugene-14-year-old/653184885

 

Because of this, I've created a small piece of software (MIT Licensed) tha

...

jfolkins by L1 Bithead
  • 10448 Views
  • 8 replies
  • 1 Likes

Resolved! Block grayware files?

We have recently had a few grayware alerts come through and i was wondering is there anyway files marked as grayware in WIldfile could be blocked the same as they are for malicious files? 

 

Thanks

CRDF18 by L2 Linker
  • 7858 Views
  • 5 replies
  • 0 Likes

Resolved! Default Action for SQL Injection Attacks

Following a sudden spike in SQLMap threats, I was looking at the default action for SQL injection threats and I noticed that it is is only an "alert" which seems odd for that kind of attack.  Has anyone looked deeper into this and/or changed the acti

...

djr by L4 Transporter
  • 17799 Views
  • 6 replies
  • 0 Likes

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat categ

...

mike406 by L2 Linker
  • 3908 Views
  • 1 replies
  • 0 Likes
  • 478 Posts
  • 63 Subscriptions
Top Solution Authors
Top Liked Authors