Vulnerability alerts

There is a web site www.vpnranks.com(35.170.95.4) that is identified as type=THREAT and App=HAS KNOWN VULNERABILITY.  As a result, it is blocked by our PAN firewalls (i.e. this is the info in the logs when I ping 35.175.95.4).  According to the PAN w

Sw.js, Hipobject.js,rapidworker.js logs generating in Palo alto firewall

Hi Everyone,

Good day,

We have enabled VA profile in our security policies, we find that "Javascript WSF HTA JSE or VBS File Sent in Email(39002)" has been triggered continously in the threat tab of the firewall. We find file names such as sw.js, hip

When can we expect PAN signatures for CVE-2019-6340

https://www.drupal.org/sa-core-2019-003

How to allow a specific Youtube video while all the rest of Video-Streaming websites are blocked

Hi Everyone, I followed this thread posted a number of years back and my issue is not yet solved:

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Allow-a-Single-Facebook-YouTube-or-Twitter-Page/ta-p/57542

Basically, Video-Streaming in ge

unknown threat name

Our firewall detected a spyware "C2-Bitsight-Prirrit" with threat id 15006. But I can't find any information about this spyware on Palo Alto's support site. The id seems non-exist. Could it be a mistake? 

How will threat functionality work with asymmetric routing

I would like to understand what will happen to Threat Protection and AntiVirus(TPAV) in the following case.  Both firewalls have "allow" non-syn-tcp turned on. Each firewall is only seeing half of the session and has no idea about the other half. 

My

Exempt domain name instead of exempt ip address for vulnerability

Hello,

We get large amount of high severity threat alarm when users visit Yahoo, they were triggered by this url s.yimg.com/aaq/yc/js/tdv2-applet-canvass.8739955d2bd825cb0aa2.min.js ( 8739955d2bd825cb0aa2 is a random string that changes everytime ).

Test that a Threat Signature is Enabled?

Hello,

Is there a way of testing if a specific Threat Signature is enabled? I recently automated critical threat signatures. both vulnerabilities and anti-spyware, to be set to reset-both, but I want to make sure it is working and the new critical si

Finding the offending file associated with threat event

I’m having an issue identifying the offending file that triggered a vulnerability detection. We had an IT admin transfer a large batch of files across a network segment that traveled on of or PA firewllls. One of the transfers triggered an alert for ...

class not found

Hello,

I wrote a prototype from panos class.

then created local prototype in committer-config.yml, restarted minemeld, everything is up and running.

Then I created the prototype in /opt/minemeld/local/prototypes/***.yml, I can see it in Web UI.

I cloned

Threat Logs

I believe I have everything configured correctly for threat prevention.  Able to see traffic in every log type except for threat.  Licensed and download/install is up to date.  Been through some generic troubleshooting steps that haven't helped.  Any

Allowing ms-update on app-default, File blocking PE and therefore no windows updates

New PAN implementation and blocking per PA best practice (PE, multi-level, etc..) and allowing ms-update on application default.  However the WSUS server is not able to download any updates and its classifying a PE file as a threat.  The file in ques

Zone protection working and logging

Hi dears, 

I have a query regarding working of #ZoneProtection.

What should be the action for #flood protection ?

Does the packet allowed or security policy will be checked?

Also, packet capture should work if such flood is detected but i am not gett

Blocking Tor with Toro

I recently had to work with local and federal law enforcement to resolve the following.

http://www.ktvz.com/news/mtn-view-hs-bomb-threat-traced-to-eugene-14-year-old/653184885

Because of this, I've created a small piece of software (MIT Licensed) tha