Need confirmation from Palo alto on DNS Trojan ShadowPad Detected

1. Customer has encountered the new threat alert named DNS Trojan ShadowPad Detected in their network but the traffic is passing through Palo alto firewall and it is allowed and no threat alerts are triggered in Palo Alto Firewall.

2. TLS Version 1

Cortex XDR logs fed into Splunk ES

Hello all,

Is there a repository of Splunk searches or queries based on Palo Alto Cortex XDR logs that I can be referred to? I am looking to create correlation searches in Splunk that will help filter through the alerts/logs received.

Is that something

Missing CVE

Dear Team,

Kindly we need to know if the below high vulnerabilities will be added soon as there are no signatures for them on Palo Alto:

1- CVE-2022-2601 regarding the below:

https://linux.oracle.com/cve/CVE-2022-2601.html

2- CVE-2022-3775 regard

Thwarting the Theft of OAuth Session Tokens Using Secured Containerized Development Environments (CDEs)

Cyberattacks targeting resource credentials such as session tokens are on the rise 

Recent high-profile cases such as the source code leaks of Slack's GitHub repositories in January 2023, CircleCI in January 2023, and before that GitHub accounts in

PyPI repository attack

Use twistlock for jar vulnerability check

We are employing twist lock to check vulnerabilities in container which hosts our application (jar file). Can we filter out the vulnerabilities for the jar file alone or otherwise can we use it to evaluate the jar file alone, for vulnerabilities?

DNS Signatures

some logs showing the message “Suspicious DNS Query”, it will easy for us to analyse. But the logs showing code “577407756(577407756)”, we are not able to understand what it mean for.

EvilExtractor

We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
I have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to

False positive? - Generic Malicious Javascript Detection 86736

Since this new spyware signature was pushed Monday, we have seen a huge number of hits across major websites. Then this morning the signature was pulled as possibly having false positive detection problems. However, I have been investigating the hits

AUkill Tool - EDR Killer

What are the things needs to be configured to protect our infrastructure from New AuKill Tool, which is used by Ransomware group Or our Current Cortex XSIAM version is capable to detect and prevent this.

"AuKill to disable Endpoint Detection & Respon

Telnet to TCP port works even without a valid implicit/explicit security policy

There is no FW policy which allows the SSL application over port  TCP 27017 between the given source/destinations. In fact it shows deny in the monitor -> logs but I'm able to telnet the from the source  to the destination - 172.20.249.77 over port 2

Unable to get license of threat and wildfire

Hi all,

We are configuring new firewall and we are facing issue while uploading license regarding threat and wildfire. Can anybody know any solution on this?