What is Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack"

Hi All 

I need to know about Threat ID 40033 "DNS ANY Queries Brute Force DOS Attack". I found the firewall drop traffic and hit the threat id-40033, but we try to packet capture with this traffic for DNS query for same source and same destination

Vulnerability - HSTS header does not contain includeSubDomains

This vulnerability is detected on global protect public ip.

HSTS header does not contain includeSubDomains

The HTTP Strict Transport Security (HSTS) header does not contain the includeSubDomains directive. This directive instructs the browser to also

Threat 576037320

Hi Team,

Threat 576037320 was released in one of the recent anti-virus definitions and we were wondering if we could get some more information as to why the domain of "wvtc.com" was flagged as malicious. This domain belongs to one of our customers an

Pan-OS Bug

• In Preliminary checks we found that all data ports of Backend Firewalls were down
• we established Console access to BE Firewall, we found that Firewalls were running in the maintenance mode
• We managed to reboot BE Firewalls and bring them up at about 7.

Bioc rules (XQL query)

Hello everyone. I need help about bioc rules. I found a lot of ioc rules from other source. But I dont know how can I change that ioc rules to BIOC rules. Thats really so big problem for me and I can't figure out. Who can help me about that? Thanks i

SSH Proxy decryption disables vulnerability protection?

Hello everyone,

  I'm doing some tests with decryption and vulnerability protection. I configured NAT and security policies to permit ssh access to an internal ssh server from the outside and I attached a vulnerability protection profile to the polic

Question regarding "reset-both" action

I've been seeing alot of Code Executions on Palo Alto Threat logs, most of them are not applicable on our servers and had an action of "Reset-both". Did the Firewall completely blocked the connection or there's a connection happened but did not compl

Plz share with me example of Cortex XDR report

Hello.

Some time ago i used Cortex XDR in my company, but license expired and management console is blocked. Now i`m trying to decide - if i`ll prolong it or not. My admin told me that there is some super cool-looking Cortex XDR report about accident

DNS Signatures

Our Palo started blocking a 3rd party site that is used by our organization.  It was being sinkholed.  I found the threat ID and it appears that it was tagged as virus/spyware.  Short of allowing an exception for this one threat ID, is there any othe

Security Profiles

I have a PA 3410 which has an Advanced Threat Prevention licence but when I highlight Antivirus/Anti-spyware/Vulnerability Protection there is a message in red at the bottom of the screen saying "Threat Prevention License is required for antivirus, a

Palo Alto Remediation Guidelines

Hi guys,

Do Palo Alto provides remediation suggestion on the threats that they detect? I can't seem to locate it anywhere

Wildfire Submissions

I have a couple questions concerning Wildfire which I can't find the exact answers in any of the knowledge articles. 

1. Is the entire file or email attachment sent to the WF cloud or just a sample/hash? Online I've seen both statements but can't con

Vulnerability (CVE-2022-41080

Hello Everyone,

Hope you are all doing well,

Yesterday I was received vulnerability email from paloalto.

• Palo Alto Networks released this emergency content update for a critical Server-Side Request Forgery Vulnerability in Microsoft Exchange (CVE