Threat & Vulnerability Discussions

Filter Threat logs by profile's name

Hello Community,

customer would search threat logs by profile's name.

It seems on the logs there are no any fields with the name of profile (Anti-Spyware or Anti-Virus or Vulnerability Protection).

Do you know how or if is possible to search it?

Thanks

HP Intelligent Management Center TFTP Server DATA and ERROR Packets Buffer Overflow (35688)

Good Day, everyone needing some help with a threat id number I can not find any information on. 

I am needing to do so research on this threat ID that is showing in the Palo Alto once in a while.  I am wanting to change security profile setting from

Which method of Phishing Credential Prevention?

We are currently using User-ID to map users to IP addresses.  It seems that there are three possible methods of preventing credentials from leaving a site, but I am not clear on which method is best.  What are other folks doing?  One of the methods i

which app and content code Petya ransomeware attack is mitigated

want to know in which app and content release "Petya ransomware" attack is mitigated/protected. What code I should update it on to get the protection from this attack. 

As os now, we are on 698-4026 app and content code. Please suggest.

Malicious objects passing through despite action is drop

Hi guys, I am new to the community and I just have a pair of PA820 go live with WF, TP and URL scan subscriptions.

I notice an inconsistency in the WF performance where most of the malicious objects are blocked but there are a few could sneak in, any

Getting report on unblocked vulnerability attacks?

  I am on PA 8.0.4.  If I go to ACC -Blocked activity, I can see what we are blocking.  Is it possible to generate a report of unblocked threats?  Potential attacks that get through because of policy rules?   It would be nice to generate not just a g

DNSProxy - Resolve-Fail - cpsc.gov

Warning: very new to PANOS.

I'm seeing a TON of these messages, to the tune of about 2-300 per second in my system log: Failed to resolve domain name: cpsc.gov after trying all attempts to name server(s): mynameserverinternalip.

I've read that this d

Flurry of Ramnit Detections

Around 04:00-05:00 yesterday my users triggered a series of ramnit detections which were blocked, but when I looked at the logs  it seems a bit unclear.  The threat logs are reporting that the file postprocess.dll carried the malware, but tying the U

SFTP SCP malware not found and blocked on firewall

i took a test for SFTP/SCP  file transmission. but i can't see anything in our logs.  i knew SSH decryption, i tried. but no use. i dont know how to understand SSH decryption( no threat checking for SSH tunnel), actully i dont have SSH tunnel.

and An

Will GlobalProtect client protect against WPA2 KRACK'd network?

Will the GP VPN client provide encryption for WPA2 sessions comprimised by the recent KRACK method?

Does that cover all the OS varients - Win, Mac, IoS, android?

I realize that only covers traffic routed back to the firewall.

ChinaCopper and General Discussion on PA Threat DB

So we get an alert today for ChinaCopper.Gen C&C inbound traffic. In doing research to see what this is, we look at the Threat DB, only to find the description of ChinaCopper.Gen to be: "This signature detects ChinaCopper.Gen Command and Control Traf