Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Resolved! Block grayware files?

We have recently had a few grayware alerts come through and i was wondering is there anyway files marked as grayware in WIldfile could be blocked the same as they are for malicious files? 

 

Thanks

CRDF18 by L2 Linker
  • 8973 Views
  • 5 replies
  • 0 Likes

Resolved! Default Action for SQL Injection Attacks

Following a sudden spike in SQLMap threats, I was looking at the default action for SQL injection threats and I noticed that it is is only an "alert" which seems odd for that kind of attack.  Has anyone looked deeper into this and/or changed the acti

...

djr by L4 Transporter
  • 21518 Views
  • 6 replies
  • 0 Likes

Sinkhole dns-wildfire

How does the dns-wildfire threat category work? I've seen a log entry, but there isn't any traffic to the sinkhole IP. The action is sinkhole and reported as generic:malicious.domain1. I have confirmed that sinkhole does work for regular threat categ

...

mike406 by L2 Linker
  • 4295 Views
  • 1 replies
  • 0 Likes

Resolved! URL wildcard use

We have insufficent-content category blocked. And when trying to allow a specific url using wildcard i am having issues.

 

when *.figuringoutmelody.com is used it is allowed on port 80 only while ssl gets blocked. website seems to redirect form www.fig

...

image.png
image.png
raji_toor by L4 Transporter
  • 13331 Views
  • 2 replies
  • 0 Likes

C&C Traffic Direction re China Chopper

Hi,  sorry if this is a stupid question, maybe we need a Reddit-style "ELI5" forum ;o)

 

I have been turning a blind eye to a background hum of China Chopper alerts for some time, so I thought I would try to understand what is going on.  The thing is t

...

djr by L4 Transporter
  • 5772 Views
  • 2 replies
  • 0 Likes
  • 530 Posts
  • 73 Subscriptions