Threat ID in the ranges between 8700-8799, Packet Based Attacks Protections in "Zone Protection" profiles

License issue

Hi all, 

In my Pa-220 box we have not purchased license of advance threat prevention but its still showing me in the license tab and and its also showing as expired license of (ATP) , the firewall is in ha but on passive one everything is correct,

not-resolved URL for s3.us-central-1.wasabisys.com

,

Could you help me see why the s3.us-central-1.wasabisys.com comes back as a not-resolved category and is a threat?

False positive - Threat ID 86672 - NewPOSThing Command and Control Traffic Detection

Has anyone seen critical alerts for this threat? It was added as a new signature yesterday in Apps&Threats release 8626-7624. We immediately had an alert for it for traffic to hxxps://www.riddle.com/ws/connect/5  So far it looks like a false positive

PAN DB vs Advanced

Hello ,

Just want to know if PAN-DB and Advanced URL are different licensing

If Advanced URL is purchased , does it cover PAN-DB

We have a customer who puchased Advanced URL  , but not PAN DB

High vulnerabilities PAN-OS reported by vulnerability management scan

Hello colleagues:

Good afternoon, hope you are all well.

Some of you have reported these critical vulnerabilities to them, by Nesus Scan:

Tcp flood

Hi,

today from 15.10 to 16.10 I received more than 15600 calls from the same IP. The Windows 2012 server already has a function against SYN ATTACK and TCP FLOOD, and I see it on the tcp-rst-from-server log monitor, but they are very small compared to

Session Token Extend resource

We are on Version 22.06.197 of the Prisma Cloud. I want to know if there is a resource for session token extension or if there is a workaround other than re-initiating the request for a new token.

The resource for the Authenticate Client I have been

Potential false positive AV for MS VisualStudio update

Running into a weird problem with VisualStudio update package being detected as a generic virus after recent update to Threat databases. But I can download the indicated file itself just fine. Anybody know what's going on here? Current AV database 41

False positive - Atlassian Confluence Remote Code Execution Vulnerability 92632

Threat ID 92632 was added late 6/3 for the new Atlassian 0-day exploit. All morning we have been seeing false positives on the new signature. Anyone else seeing the same? 

Seems to be alerting to the inclusion of javascript ad code across multiple we

Moving from RSA to ECDSA

Hi, we are using some RSA certs and due to a vulnerability we need to swap them for ECDSA. Our usual cert provider doesn't offer ECDSA. Could someone suggest the best way to obtain this please? I wasn't sure if OpenSSL was a valid option? Thanks, Joh