Malicious objects passing through despite action is drop

Hi guys, I am new to the community and I just have a pair of PA820 go live with WF, TP and URL scan subscriptions.

I notice an inconsistency in the WF performance where most of the malicious objects are blocked but there are a few could sneak in, any

Getting report on unblocked vulnerability attacks?

  I am on PA 8.0.4.  If I go to ACC -Blocked activity, I can see what we are blocking.  Is it possible to generate a report of unblocked threats?  Potential attacks that get through because of policy rules?   It would be nice to generate not just a g

DNSProxy - Resolve-Fail - cpsc.gov

Warning: very new to PANOS.

I'm seeing a TON of these messages, to the tune of about 2-300 per second in my system log: Failed to resolve domain name: cpsc.gov after trying all attempts to name server(s): mynameserverinternalip.

I've read that this d

Flurry of Ramnit Detections

Around 04:00-05:00 yesterday my users triggered a series of ramnit detections which were blocked, but when I looked at the logs  it seems a bit unclear.  The threat logs are reporting that the file postprocess.dll carried the malware, but tying the U

SFTP SCP malware not found and blocked on firewall

i took a test for SFTP/SCP  file transmission. but i can't see anything in our logs.  i knew SSH decryption, i tried. but no use. i dont know how to understand SSH decryption( no threat checking for SSH tunnel), actully i dont have SSH tunnel.

and An

Will GlobalProtect client protect against WPA2 KRACK'd network?

Will the GP VPN client provide encryption for WPA2 sessions comprimised by the recent KRACK method?

Does that cover all the OS varients - Win, Mac, IoS, android?

I realize that only covers traffic routed back to the firewall.

ChinaCopper and General Discussion on PA Threat DB

So we get an alert today for ChinaCopper.Gen C&C inbound traffic. In doing research to see what this is, we look at the Threat DB, only to find the description of ChinaCopper.Gen to be: "This signature detects ChinaCopper.Gen Command and Control Traf

Office 365 - Poodle Vunerabilties

Threat ID - 37144 

Question or insight about Microsoft practices with not hardening against poodle.

Why am I still getting alerts for these vulnerabilities, is it because I don't have proper SSL forward proxy yet enabled? Or is it because my Office 3

Failed login attempt using guest account

Basic setup:

Palo Alto at the perimeter

Cisco ASA DMZ

Splunk collecting all logs and running reports from both Cisco and Palo Alto

Failed login reports based on the Palo Alto logs sent daily

Allowed traffic pattern

Inbound SFTP connection NAT'd to SFTP se

ACC risk factor

Looking at our ACC tab, I see that SMTP traffic has a risk of 5.  We only accept SMTP from our Symantec.cloud smart host.  It is then decrypted coming into our firewall and scanned again.  We do not decrypt outgoing SMTP, but we do have an anti-virus