Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Suspicious User-Agent Strings

Hi All,

 

I have noticed a log from our Palo Alto vulnerability report that looks suspicious yet I am unaware of it.

There is a threat "Suspicious User-Agent Strings" detected under the "spyware" category and "HTTP-proxy" application from Globalprote

...

Jerome.j by L1 Bithead
  • 2823 Views
  • 1 replies
  • 0 Likes

Text injection issue on firewall

Dear Team ,

 

We have a customer he is facing issue with , Text injection is enabled on firewall portal web application.

We noticed a problem with the Palo Alto web portal is getting affected by text injection during the security audit. We must mitig

...

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that loo

...

JCMoritz by L1 Bithead
  • 5508 Views
  • 4 replies
  • 0 Likes

Resolved! CVE-2023-38802

Hi,

 

Regarding CVE-2023-38802, DDOS in BGP software,  would this apply only to public ASNs/BGP sessions established on public internet?   I have BGP configured on PAN firewalls but only running BGP over IPSec tunnels using private ASNs

 

I would thi

...

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello,

 

While doing testing around our security controls, we did intentionally try to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download, however though Palo did alert with multiple threat names starting with "Hac

...

Network

Hi Team,

We have a customer he is facing issue with, Sliver Framework Command and Control Traffic Detection - ThreatID 86680.

He is getting below sync error,

URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji 

I have gone through the below art

...

Resolved! Spyware Detections

Hi Community,

 

Lately we are noticing on one of our clients environment where PA is flagging traffic to "mail.google.com" as Spyware. The captured signature is "sliver framework command and control traffic detection".

 

I did run the captured URL "m

...

Resolved! dns sinkhole rule

hi all

 

 

we are in a dilemma, we have enable dns sinkhole in our anti-spyware profile enable:

dns sinkhole > DNS Policies > default-paloalto-dns > sinkhole enable .

DNS Sinkhole Setting> IPv4 > X.X.X.X

Now, this profile is also added to our securit

...

  • 514 Posts
  • 71 Subscriptions
Top Solution Authors
Top Liked Authors