Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Command & Control or Just Ads?

In the last few days I have seen alerts for berbew.jb C2 traffic(192730665) and dynamer.bayo C2 traffic(192442683).  The odd thing here is that in the alert the same url is being accessed (ad.afy11.net/ad?mode=7&publisher_dsp_id=67&external_user_id=X

...

bayo.PNG
berbew.PNG
DIRTT by L2 Linker
  • 8245 Views
  • 5 replies
  • 3 Likes

Resolved! Daily Shodan scan?

Hello all,

 

We just recently made the Shodan wall of fame and I'm now getting their scan showing up every day in my Threat log. Our action is set to reset. What do you typically do in this case? Should I ignore this and accept I will be seeing this sc

...

ShodanScan.PNG

Threat ID for Unsafe Characters in URLs

Is there a Threat signature to detect Unsafe/ Illegal characters in an URL? I've searched the ThreatVault but I couldn't find any unfortunately.

 

For clarity this is what I'm talking about - https://perishablepress.com/stop-using-unsafe-characters-in-

...

adcar by L2 Linker
  • 3494 Views
  • 2 replies
  • 0 Likes

Update 762 "broke" our PA500

Hi Guys,

 

We manually updated to 762 today and our Palo immediately started ending sessions with the Resources-unavailable reason.

 

Reverting the update and restarting the dataplane fixed the issue.

 

Has anyone else had issues with it?

 

Regards

Ronelle

Ronelle by L0 Member
  • 3374 Views
  • 1 replies
  • 0 Likes

performance problem with pa-3050

We have two ISP related DNS servers with each behind a pa-3020.  During peak time we have seen the number of sessions increase to 150K on each pa-3020 so we were concerned that if one DNS server had to take the whole load then the pa-3020 would go ov

...

  • 507 Posts
  • 69 Subscriptions
Top Solution Authors
Top Liked Authors