Pan-OS Bug

• In Preliminary checks we found that all data ports of Backend Firewalls were down
• we established Console access to BE Firewall, we found that Firewalls were running in the maintenance mode
• We managed to reboot BE Firewalls and bring them up at about 7.

Bioc rules (XQL query)

Hello everyone. I need help about bioc rules. I found a lot of ioc rules from other source. But I dont know how can I change that ioc rules to BIOC rules. Thats really so big problem for me and I can't figure out. Who can help me about that? Thanks i

SSH Proxy decryption disables vulnerability protection?

Hello everyone,

  I'm doing some tests with decryption and vulnerability protection. I configured NAT and security policies to permit ssh access to an internal ssh server from the outside and I attached a vulnerability protection profile to the polic

Question regarding "reset-both" action

I've been seeing alot of Code Executions on Palo Alto Threat logs, most of them are not applicable on our servers and had an action of "Reset-both". Did the Firewall completely blocked the connection or there's a connection happened but did not compl

Plz share with me example of Cortex XDR report

Hello.

Some time ago i used Cortex XDR in my company, but license expired and management console is blocked. Now i`m trying to decide - if i`ll prolong it or not. My admin told me that there is some super cool-looking Cortex XDR report about accident

DNS Signatures

Our Palo started blocking a 3rd party site that is used by our organization.  It was being sinkholed.  I found the threat ID and it appears that it was tagged as virus/spyware.  Short of allowing an exception for this one threat ID, is there any othe

Security Profiles

I have a PA 3410 which has an Advanced Threat Prevention licence but when I highlight Antivirus/Anti-spyware/Vulnerability Protection there is a message in red at the bottom of the screen saying "Threat Prevention License is required for antivirus, a

Palo Alto Remediation Guidelines

Hi guys,

Do Palo Alto provides remediation suggestion on the threats that they detect? I can't seem to locate it anywhere

Wildfire Submissions

I have a couple questions concerning Wildfire which I can't find the exact answers in any of the knowledge articles. 

1. Is the entire file or email attachment sent to the WF cloud or just a sample/hash? Online I've seen both statements but can't con

Vulnerability (CVE-2022-41080

Hello Everyone,

Hope you are all doing well,

Yesterday I was received vulnerability email from paloalto.

• Palo Alto Networks released this emergency content update for a critical Server-Side Request Forgery Vulnerability in Microsoft Exchange (CVE

Discrepancies in Prisma Vulnerability Scan Report

Known issue (PAN-202288 & PAN-206672)

Kindly provide the brief about Known issue (PAN-202288 & PAN-206672)

Palo Alto Firewall CVE-2022-2884

Hi,

Does anyone know if GitLab Remote Command Execution Vulnerability is covered with Palo Alto AV Signature?

Is Palo Alto affected by it?

I was not able to find it in their Security Advisories.

Vulnerability Details:

Title

GitLab Remote Comman

EDL - Talos block list

I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effectively block in security policies. However,  for Cisco Talos block list, it just will not work:

http://www.talosintelligence.com/feeds/ip-fi