wildfire-virus threatID 602574714 false positive ?

Good Morning,

Has anyone had WildFire-Virus threat events with the following  threat ID:602574714 ?

Antivirus Signatures 

Threat 86751 - PotatoVPN Detection

I am getting hits on this threat, categorized as Spyware, but as far as I can see it is a legitimate client VPN  product.  Why is this being classed as malicious or is it mis-classified?

Threat ID 86798 - BruteRatel C4 Command and Control Traffic Detection

Hi all,

since yesterday I see this threat as a critical. I suppouse that is false posotive action.

Didn't find any suspicious actions on the computer and just want to know is there any of you that have observed similar alerts?

Maybe I have to dig

Denial of Service Investigating

If I wanted to to troubleshoot / investigate for a potential DoS attack, what are some logs to look for using the Palo Alto?

Cortex XDR Remote account enumeration

Hello,

today we have interesting alert

At least 33 distinct non-existing accounts failed to remotely log in to XX-Laptop1. Users list: name.user, user name, user.name, username

User has no idea - all day at school, behind NAT. What I cannot reall

out of date CVEs

I am curious about the listing of vulnerabilities in the vulnerabilities assessment.  It seems like it is catching old out dated CVE's and attaching them to fully updated machines.  for example i have numerous machines showing a vulnerability CVE-202

Apps and Threats Mismatch

Hi All

I have a pair of Panorama managed Firewalls configured in a HA Setup . However I m observing a mismatch on the App and Threat versions across both devices . Although the "Synch To Peer" option is enabled on the App and Threat schedule settin

Vulnerability Protection Profile

Hello!

I have a rule with a vulnerability protection profile enabled between my VPN users and DMZ.

I need to WebGUI (8443/8080) into a new DMZ server, but VP is stopping it.

How do I make an exception for this traffic?

Thanks,

DC

Blocking external IP addresses and blacklists

Hi,

I have some questions regarding the PAN-OS and blocking IP addresses. 

We are getting daily emails with lists of IP's that are port scanning and probing th FW. The customer wants all these addresses blocked. For example over the last 2 weeks I ha

Threat Prevention Rules, Exceptions, Default Actions Precedence

I want to confirm the order of precedence for security profile rules, default actions, and exceptions.  For example, the default action for the SSH User Authentication Brute Force Attempt threat is alert.  However, the threat profile rule associated

Prisma CWP API for Compute -> Monitor -> Vulnerabilities -> Images - > Deployed

I am trying to find the Prisma CWP API to check the Vulnerability scan reports for deployed images, but couldn't find one. Can someone suggest the correct API/ doc.

Thanks

Prisma Cloud

Virus alerts on odd files in July 2023

Our SIEM has received several virus alerts from the Palo firewall since mid July.  The AV or Wildfire has flagged Adobe and Microsoft files. And now a web site for for a digital transformation and process company smartupload.sutherlandglobal.com.  Al

CVE-2023-38046 PAN-OS: 구성 커밋 중 시스템 파일 및 리소스 읽기

원본 링크

https://security.paloaltonetworks.com/CVE-2023-38046

공격 벡터: 네트워크    

범위: 변경 없음

공격 복잡도: 낮음

기밀성 영향: 높음

필요한 권한: 높음

무결성 영향: 낮음

사용자 상호 작용: 없음
가용성 영향: 없음

게시 2023-07-13
업데이트 2023-07-13
참조 PAN-208922
외부에서 발견됨

설명:

Palo Alto Networks PAN-OS 소프트웨어에는 특별히 생