Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About Mohammed_Yasin
About Mohammed_Yasin
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Thursday
25Posts
0Likes
1Solution
May 21, 2020Last Visited
User
Activity
User
Profile
Latest posts by Mohammed_Yasin
| Subject | Views | Posted |
|---|---|---|
| 50 | 2 weeks ago | |
| 225 | 2 weeks ago | |
| 239 | 2 weeks ago | |
| 284 | 2 weeks ago | |
| 176 | 2 weeks ago |
User Badges
Public Statistics
| Date Registered | 01-21-2020 03:30 AM |
| Date Last Visited | Thursday |
| Total Messages Posted | 25 |
a week ago
Hi Joe, I have the same issue. Let me explain, When I am on the actual firewall, I have an option to choose sg1 (Shared gateway) as a Virtual System under the Policies tab. Here I have the option to create NAT policy or Policy Based Forwarding. When I go to the Panorama, under the policies tab, I can only see the device-groups that I have created. Not sure where I would apply the NAT configuration for the Shared gateway.
... View more
2 weeks ago
I recently configured Path Monitoring for Auto Fail-over between 2 ISP but it is not working. Primary route is not removing from the routing table even when destination IP is unreachable ISP-1: x.x.x.x ISP-2: x.x.x.x I have configured both interface on single zone so that single policy applies then I configure Path monitoring. I am using single Virtual Route Domain and static route Issue Category : Network/Routing Firewall : PA-5020 HA OS Version : 8.1.10
... View more
2 weeks ago
Thanks for the response. Whether Palo alto support will be able to validate the custom signature created? Where this IPS should be applied on, Inbound or outbound security rule?
... View more
2 weeks ago
Thanks for the update. It's Palo Alto aware of this Malware? MortiAgent Malware is added to the Palo Alto signatures database What should we do to protect our network?
... View more
3 weeks ago
Hi @Mohammed_Yasin ,
I don't know if that could be a solution to the problem.
Eitherway, rooting into a device is something only support engineers can do.
So I would recommend contacting them and ask if this is an option.
Cheers,
-Kim.
... View more
3 weeks ago
I want to stop the MortiAgent malware by applying /using snort rule & also using yara rule? How to configure this in Palo alto ? Below are snort & Yara Rules: 1. The below SNORT rule can be used to detect the MoriAgent Beacon. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:" MoriAgent Beacon HTTP Request"; content:"/Index.php?i="; depth:200; content:"&t="; within:64; content:"HTTP/1.1"; within:64; content:"Content-Type: application/json"; within:32; content:"Content-Length: 0"; within:90; threshold:type limit,track by_src,count 1,seconds 120; sid:1000001; rev:001;) 2. Below are YARA rules to detect POWERSTATS. YARA rule to detect the substitution table used in PowerShell code. rule SubstitutionTable_in_PowerShell { meta: description = "Detect the substitution table used in PowerShell code (2019-2020)" hash = "A18016AF1E9ACDA5963112EE8BEEB28B" strings: $a1 = "Replace('(','a'" $a2 = "Replace(')','b'" $a3 = "Replace('{','c'" $a4 = "Replace('}','d'" $a5 = "Replace('[','e'" $a6 = "Replace(']','f'" condition: $a1 and $a2 in (@a1..@a1+200) and $a3 in (@a1..@a1+200) and $a4 in (@a1..@a1+200) and $a5 in (@a1..@a1+200) and $a6 in (@a1..@a1+200) and filesize < 100000 } YARA rule to detect PowerStats backdoor. rule POWERSTATS_JscriptLauncher { meta: description = "POWERSTATS Jscript Launcher" hash = "6C97A39A7FFC292BAF8BE1391FCE7DA0" strings: $a1 = "$s=(get-content" $a2 = "Get('Win32_Process').Create(cm" $a3 = "var cm=" condition: all of them and filesize < 600 } YARA rule to detect PowerStats de-obfuscated rule POWERSTATSLite { meta: hash = "A18016AF1E9ACDA5963112EE8BEEB28B" strings: $a1 = "$global:key" $a2 = "$global:time" $a3 = "webreq = [System.Net.WebRequest]::Create($url)" condition: all of them and filesize < 3000 } YARA rule to detect MoriAgent implant rule MoriAgent { meta: description = "C++ MuddyWater implant" hash = "12755B210EC1171045144480ACD05AA8" strings: $f1 = "|x7d873iqq" ascii fullword $f2 = "ljyfiiwnskt" ascii fullword $f3 = "htssjhy" ascii fullword $f4 = "kwjjfiiwnskt" ascii fullword $f5 = "hqtxjxthpjy" ascii fullword $f6 = "\\XFXyfwyzu" ascii fullword $f7 = "\\XFHqjfszu" ascii fullword $f8 = "ZmilXzwkm{{Umuwz" ascii fullword $f9 = "^qz|}itXzw|mk|" ascii fullword $f10 = "_zq|mXzwkm{{Umuwz" ascii fullword $content = "Content-Type: application/json" ascii fullword condition: uint16(0) == 0x5A4D and filesize < 2MB and $content and 5 of ($f*) } YARA rule to detect PowerStats Implants rule POWERSTATS_Implants { meta: description = "Detects all POWERSTATS implants" hash = "A18016AF1E9ACDA5963112EE8BEEB28B" hash = "409558610BE62655FBA0B1F93F2D9596" hash = "DD32B95F865374C31A1377E31FA79E87" strings: $a1 = "if ($resp -ne $null){" $a2 = "out = $_.Exception.Message" $a3 = "IEX $cmd -ErrorAction SilentlyContinue" condition: all of them and filesize < 50000 }
... View more
04-22-2020
06:36 AM
Hi @Mohammed_Yasin ,
What PAN-OS are you running ?
Is it PAN-DB ? Try downloading and installing the seed database.
What output do you get when you test a URL ?
> test url paloaltonetworks.com
What do you get when you check the URL database ?
> show system setting url-database
What does the request license info show you in relation to your URL filtering license ?
> request license info
>show running url-license
What do you get when you check the cloud-status ?
> show url-cloud status
Hope this helps,
-Kiwi.
... View more
04-20-2020
05:31 PM
Hello Only SMTP relay or white-listing the mgmt IP to send out un-authenticated email messages is allowed. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUiCAK
... View more
04-20-2020
05:32 AM
Hi @Mohammed_Yasin ,
It looks like your OSPF adjacency flapped.
As to why this happened you'll need to do further debugging.
The timeframe allows you to narrow down and check other logs for related events. Also check the traffic log during the timeframe when this occured.
Get the TSF and have it analysed by support.
Cheers,
-Kiwi.
... View more
04-09-2020
03:24 AM
Thank you for your comments: I am looking for something similar like to suppress or LSA controller Example: if I have multiple branches across the city. Connected to DC, I mean Cisco router (Branch) connected to the Cisco ASA and the Cisco firewall as a DC FW and it's connected to Paloalto as a perimeter firewall. If any host wants have to access the perimeter end. The host comes to DC firewall which is a Cisco ASA and Cisco has a role to forward the route to next-hop and its forwarding to Palo alto firewall as receiving and the route is an OSPF Route protocol Now exception: if Palo alto receives an OSPF route from is neighbor CISCO ASA, and if OSPF has 10 routes in the table. Here Palo alto has to take a decision on receiving the OSPF route, it should filter the route and have to forward on his next hope or Palo alto have reject either drop itself.
... View more
03-31-2020
07:23 PM
Do you know if the certificate has been trusted? See step 3 here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-endpoint-protection/enable-access-to-cortex-xdr You may have to pull down the cert and install it. See example here: https://blog.confirm.ch/adding-a-new-trusted-certificate-authority/
... View more
03-31-2020
07:15 PM
Hi there, Please see step 3 in the document listed at this URL: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-endpoint-protection/enable-access-to-cortex-xdr Do you know if the 3 certs are trusted on the Linux server in question?
... View more
03-11-2020
11:05 PM
See article below for more details https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk7CAC In case unspecified of source IP, then the management interface IP will act as a default IP
... View more
03-11-2020
10:41 PM
Let me brief, the Unnecessary traffic over management interface, In Perimeter PA 5020 In Data Center Cisco ASA 5xxx In the Cisco firewall logs, the traffic sources are PA Management IP and Destination is Cisco management IP and attempt on port 135. Attachment of logs
... View more
03-03-2020
01:08 PM
@Mohammed_Yasin, You need to reach out to support and request that they add support for ARM processors; this is already in the works, but more people asking for it may prioritize the request higher in PANs internal processes. As it currently stands, you won't be able to install Traps on this endpoint.
... View more
03-03-2020
07:59 AM
1 Kudo
I had put on a support request when the Surface X was released. They told me its not compatible. Might have changed now. Check with support.
... View more
02-06-2020
01:23 AM
Hi @Mohammed_Yasin ,
As far as I can read it's not confirmed that you're hitting this exact bug referenced in the link.
Check if there are related corefiles created with the following command
> show system files
Export them and together with the tech support file have them analyzed by TAC to confirm wether or not you're hitting this issue or if you are experiencing something else.
Cheers !
-Kiwi.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
Thursday
|
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
