Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Zone protection working and logging

Hi dears, 

 

I have a query regarding working of #ZoneProtection.

 

What should be the action for #flood protection ?

 

Does the packet allowed or security policy will be checked?

 

Also, packet capture should work if such flood is detected but i am not gett

...

Blocking Tor with Toro

I recently had to work with local and federal law enforcement to resolve the following.

 

http://www.ktvz.com/news/mtn-view-hs-bomb-threat-traced-to-eugene-14-year-old/653184885

 

Because of this, I've created a small piece of software (MIT Licensed) tha

...

jfolkins by L1 Bithead
  • 10929 Views
  • 8 replies
  • 1 Likes

Resolved! Block grayware files?

We have recently had a few grayware alerts come through and i was wondering is there anyway files marked as grayware in WIldfile could be blocked the same as they are for malicious files? 

 

Thanks

CRDF18 by L2 Linker
  • 8386 Views
  • 5 replies
  • 0 Likes

Resolved! Default Action for SQL Injection Attacks

Following a sudden spike in SQLMap threats, I was looking at the default action for SQL injection threats and I noticed that it is is only an "alert" which seems odd for that kind of attack.  Has anyone looked deeper into this and/or changed the acti

...

djr by L4 Transporter
  • 19405 Views
  • 6 replies
  • 0 Likes

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat categ

...

mike406 by L2 Linker
  • 4086 Views
  • 1 replies
  • 0 Likes

Resolved! URL wildcard use

We have insufficent-content category blocked. And when trying to allow a specific url using wildcard i am having issues.

 

when *.figuringoutmelody.com is used it is allowed on port 80 only while ssl gets blocked. website seems to redirect form www.fig

...

image.png
image.png
raji_toor by L4 Transporter
  • 12934 Views
  • 2 replies
  • 0 Likes
  • 505 Posts
  • 65 Subscriptions
Top Liked Authors