Failed login attempt using guest account

Basic setup:

Palo Alto at the perimeter

Cisco ASA DMZ

Splunk collecting all logs and running reports from both Cisco and Palo Alto

Failed login reports based on the Palo Alto logs sent daily

Allowed traffic pattern

Inbound SFTP connection NAT'd to SFTP se

ACC risk factor

Looking at our ACC tab, I see that SMTP traffic has a risk of 5.  We only accept SMTP from our Symantec.cloud smart host.  It is then decrypted coming into our firewall and scanned again.  We do not decrypt outgoing SMTP, but we do have an anti-virus

Join Palo Alto Support

This is my first post.

Please help me to register for Palo Alto Support, so that I can receive e-mail alerts about Application and Threats. For the emergency content updates.

CVE-2017-6770

Hi ,

I would like to know whether Palo alto able to detect this CVE-2017-6770 since i cant find this  in threatvault .  

Is there any preventive solution from Palo Alto to safely guard this vulnerable from being taken advantage of?

Thanks.

"Informational" threat has default action of "drop-reset"

Threat 30861 "Microsoft Windows Server Service NetrServerGetInfo Opnum 21 Access Attempt" has a severity level of "Informational" but a default action of "drop-reset".  Is it common for such a low sev level threat to have such a drastic response?  It

Understanding what the widget for IP destination threats means

Hi All,

I am new to Palo Alto - and manage a network, looking through the widgets there's one for destination ip, with the Threat radio button ticked.   The widget shows lots of destinations, I have been asked the question does that mean attacks are

Houdini RAT

Hi Team,

Please let us know whether Palo Alto firewall has updated signatures to detect Houdini RAT

Thanks and Regards,

TAC

Stop vulnerability scanning based on app-id

We have created a custom app id for internal only traffic that is currently generating false positives in our vulnerability scanning.

We ideally would like to stop this particular app-id from being scanned for vulnerabilites or at least a specific vu

spam-urls ?

Running PAN-OS 6.1.15 and content 709, when I filter for "spam-urls" (a category that I wasn't really aware of previously), Panorama returns "extremism" hits. Am I missing a trick here or is something broken?

"Whitelist" a brute force attack

Hi all,

we run a cron job from one intern server to another.

Because of this we get alerts in the threat tab and the threat tab is full of this. I don´t want to see this alerts anymore.

I create under Objects/vulnarebility protection/ a new profile:

In

Threat ID ranges definitions

Hello Threat Team,

Hope everyone is well today. We came across a Threat ID 6000400 which falls under an Antivirus Signature Range: SWFZWS: 6000000 - 6000500 (Ref: https://live.paloaltonetworks.com/t5/Threat-Vulnerability-Articles/Threat-ID-Ranges-in-