Question regarding "reset-both" action

I've been seeing alot of Code Executions on Palo Alto Threat logs, most of them are not applicable on our servers and had an action of "Reset-both". Did the Firewall completely blocked the connection or there's a connection happened but did not compl

Plz share with me example of Cortex XDR report

Hello.

Some time ago i used Cortex XDR in my company, but license expired and management console is blocked. Now i`m trying to decide - if i`ll prolong it or not. My admin told me that there is some super cool-looking Cortex XDR report about accident

DNS Signatures

Our Palo started blocking a 3rd party site that is used by our organization.  It was being sinkholed.  I found the threat ID and it appears that it was tagged as virus/spyware.  Short of allowing an exception for this one threat ID, is there any othe

Security Profiles

I have a PA 3410 which has an Advanced Threat Prevention licence but when I highlight Antivirus/Anti-spyware/Vulnerability Protection there is a message in red at the bottom of the screen saying "Threat Prevention License is required for antivirus, a

Palo Alto Remediation Guidelines

Hi guys,

Do Palo Alto provides remediation suggestion on the threats that they detect? I can't seem to locate it anywhere

Wildfire Submissions

I have a couple questions concerning Wildfire which I can't find the exact answers in any of the knowledge articles. 

1. Is the entire file or email attachment sent to the WF cloud or just a sample/hash? Online I've seen both statements but can't con

Vulnerability (CVE-2022-41080

Hello Everyone,

Hope you are all doing well,

Yesterday I was received vulnerability email from paloalto.

• Palo Alto Networks released this emergency content update for a critical Server-Side Request Forgery Vulnerability in Microsoft Exchange (CVE

Discrepancies in Prisma Vulnerability Scan Report

Known issue (PAN-202288 & PAN-206672)

Kindly provide the brief about Known issue (PAN-202288 & PAN-206672)

Palo Alto Firewall CVE-2022-2884

Hi,

Does anyone know if GitLab Remote Command Execution Vulnerability is covered with Palo Alto AV Signature?

Is Palo Alto affected by it?

I was not able to find it in their Security Advisories.

Vulnerability Details:

Title

GitLab Remote Comman

EDL - Talos block list

I have various EDLs setup on various different PA models. Some work, and populate the list with IP's and effectively block in security policies. However,  for Cisco Talos block list, it just will not work:

http://www.talosintelligence.com/feeds/ip-fi

Vulnerability: Microsoft Windows RPC Encrypted Data Detected Mean???

hi;

How to remove this message: Microsoft Windows RPC Encrypted Data Detected from a windows 10 computer that palo alto always report this type of thread???

Whats mean Microsoft Windows RPC Encrypted Data Detected???