Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Resolved! Block grayware files?

We have recently had a few grayware alerts come through and i was wondering is there anyway files marked as grayware in WIldfile could be blocked the same as they are for malicious files? 

 

Thanks

CRDF18 by L2 Linker
  • 8703 Views
  • 5 replies
  • 0 Likes

Resolved! Default Action for SQL Injection Attacks

Following a sudden spike in SQLMap threats, I was looking at the default action for SQL injection threats and I noticed that it is is only an "alert" which seems odd for that kind of attack.  Has anyone looked deeper into this and/or changed the acti

...

djr by L4 Transporter
  • 20736 Views
  • 6 replies
  • 0 Likes

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat categ

...

mike406 by L2 Linker
  • 4200 Views
  • 1 replies
  • 0 Likes

Resolved! URL wildcard use

We have insufficent-content category blocked. And when trying to allow a specific url using wildcard i am having issues.

 

when *.figuringoutmelody.com is used it is allowed on port 80 only while ssl gets blocked. website seems to redirect form www.fig

...

image.png
image.png
raji_toor by L4 Transporter
  • 13169 Views
  • 2 replies
  • 0 Likes

C&C Traffic Direction re China Chopper

Hi,  sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o)

 

I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on.  The thing is t

...

djr by L4 Transporter
  • 5623 Views
  • 2 replies
  • 0 Likes
  • 516 Posts
  • 71 Subscriptions
Top Liked Authors