This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About mgusta
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About mgusta
10-17-2022
32Posts
3Likes
0Solutions
Oct 17, 2022Last Visited
User
Activity
User
Profile
Latest posts by mgusta
| Subject | Views | Posted |
|---|---|---|
| 1069 | 04-01-2020 04:34 AM | |
| 2037 | 02-08-2019 12:15 PM | |
| 6775 | 04-18-2018 06:21 AM | |
| 6779 | 04-18-2018 05:44 AM | |
| 6811 | 04-18-2018 04:10 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 12-18-2014 02:50 AM | |
| 1 Like | 12-18-2014 02:14 AM | |
| 1 Like | 12-19-2014 12:05 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 12-18-2014 12:25 AM |
| Date Last Visited | 10-17-2022 04:43 AM |
| Posts | 32 |
| Total Likes Received | 3 |
04-01-2020
04:34 AM
Hi, I would like to stop (block) an ip when there are a number of failed logon attempts but I cant get it to work. The vulnurability signatures are not being triggered. The other day someone tried over 400 different user names against out owa. 6 tries for each. None were sucessfull, and we use MFA, but I still want to halt the attack. Can it be done? I´ve enabled inbound decryption and now I see application Outlook-web insteaf of just ssl. I´ve also created exceptions for all brute force signatures to trigger after just 5 repeats for testing. But no child signatures (failed log on attempt etc.) are triggered so the parent signature never fires no matter how low I set the threashold. What could be wrong? Is the decryption still not working fully so the failed attempts are hidden in the ssl stream? How can I troubleshoot? Thanks, Mikael
... View more
03-13-2019
07:55 AM
1 Kudo
Hi @Eshrak,
this article is out of date, please refer to the updated version instead: https://live.paloaltonetworks.com/t5/MineMeld-Articles/How-to-Safely-Enable-access-to-Office-365-using-MineMeld-Updated/ta-p/224148
... View more
04-18-2018
08:52 AM
You should automatically receive the update, you will just need to add the new Miners to the config once the update has been rolled out. More details will be provided in the release notes.
Thanks,
luigi
... View more
05-20-2017
02:58 AM
Hi @mgusta I understand your point and there are definately some situations where your request could be useful. But personally I think you would also loose some granularity/visibility. For me it is better to choose per security policy rule what inspection should be applied. In addition I normally work work with security Profile groups. If I then need to test/change somethin for a specific user/group I simply clone the existing rule and add the new security profiles. This also gives you the flexibility to apply different log forwarding profiles to specific rules. Ok this can now in PAN-OS 8 also be done with log gorwarding profile match lists but if you have a lot of specific cases for log forwarding (critical threat alerts-->snmp, traffic to sinkhole zone-->email,wildfiresubmissions to incident management-->http, ...) this will also add some complexity to the forwarding which is in some cases easier to handle with security policies with specific security profiles. Regards, Remo
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-17-2022
04:43 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks