About Mohammed_Yasin

Open Control Panel Go to Programs and Features Click View Installed Updates Search for the Windows Internet Explorer 9 update Right click it and Uninstall (Optional) If the uninstall process fails, open Command Prompt, and run the following command: Note: You will need administrator privileges to run this. cinehub ... View more

@Mohammed_Yasin, Just to add on to what @OtakarKlier mentioned, you aren't going to have a one to one match on a snort rule when you attempt to map them via a custom signature. The terminology isn't the same at all, but generally speaking every option you are looking for is going to be present. The real change here is that PAN separates a lot of this information between request and response, so in a lot of situations you'll actually have to know the direction of traffic.  I wouldn't recommend building a custom threat signature unless you actually need to within your environment. So the Snort rule that you pulled from MS-ISAC is an example of what Snort can look at, but PAN is already providing more than 200+ signatures to detect emotet related traffic and threats. If I really wanted to take every single Snort rule that they built out to ensure we were covered from the threat, I would simply install a snort node. ... View more

You don't block by hash, you block by file pattern using the Antivirus engine, and a signature would exist if the sample is identified by WildFire as malicious.   You can check what signatures produce coverage by querying the SHA256 hashes in ThreatVault https://threatvault.paloaltonetworks.com/   If there is a malicious file that needs coverage, submit it to WildFire at https://wildfire.paloaltonetworks.com/ ... View more

@claudec    I think it can be helpful, if converting the hash into HEX and create a custom vulnerability to drop anything that matches the file hashes. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0   And I have noticed, few of the hashes are already listed in Cisco Talos File Repute but not in PA Threat Vault. ... View more

@Mohammed_Yasin,  yes you can download the required version agent from Palo Alto support portal from Software Updates tab. ... View more

@Mohammed_Yasin, I would open a TAC ticket and see if they can see what's going on. PAN-OS 10.0 is a brand-new release, so you'll likely run into things like this until it has more time to bake in the wild and bugs get worked through. I absolutely wouldn't be running 10.0 in a production environment unless you need a feature that has been added into PAN-OS 10.0.  As for the guides you referenced, none of them have been updated for 10.0 yet from a quick glance. Since you have additional fields you may very well have to manually build extractors that function correctly with the new fields for PAN-OS 10.0. This is one of the downsides of upgrading to a new release early.  ... View more

All the listed file types are supported, other file types are not analysed     ... View more

try restarting the logreceiver: > debug software restart process log-receiver   if that doesnt work (give it a few minutes)   try a commit force: # commit force   if that still doesn't work, see if this works: - backup your current config and collect a techsupport file and stats dump file (in case you want to open a support case) - open your security policies, verify 'log at end' is enabled and click OK (this to verify the setting is ok, and also refeed the rule to the config, clicking 'ok' tells the system to accept your rule as a new config addition, even if it is identical - commit     ... View more