Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About marcelocampos
About marcelocampos
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
10-09-2020
12Posts
0Likes
0Solutions
Oct 09, 2020Last Visited
User
Activity
User
Profile
Latest posts by marcelocampos
| Subject | Views | Posted |
|---|---|---|
| 1006 | 10-09-2020 09:43 AM | |
| 1077 | 10-08-2020 07:55 AM | |
| 579 | 09-29-2020 05:51 AM | |
| 1113 | 09-08-2020 12:32 PM | |
| 1296 | 08-23-2020 04:40 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 | |||
| 1 | |||
| 2 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 02-28-2020 07:18 AM |
| Date Last Visited | 10-09-2020 10:26 AM |
| Total Messages Posted | 12 |
10-09-2020
09:43 AM
Hi @BPry , I made changes to the policy, it was set like this. I see google traffic through the necessary ports, but users continue to report audio problems. Another issue is that aged out queries are appreciated. On the other hand we have no problems for example with microsoft teams. any idea or suggestion that may be happening? I already appreciate your help. regards!
... View more
10-08-2020
07:55 AM
Good morning community, I have problems to configure an access policy from the internal user network to the google-meet video conferencing service, users report that they do not listen to or view the video. When leaving the policy to any destination I see a lot of traffic going through the policy which I am not sure corresponds to google-meet. Currently I have the policy configured as follows. Any reference that I can be doing wrong? Or if the policy is wrongly configured? I already appreciate your help. Thanks. Best regards.
... View more
09-29-2020
05:51 AM
Hi community, Can cortex detect and analyze .zip files with password and delivered via email?
... View more
09-08-2020
12:32 PM
good day community, I have an incident due to the execution of an excel file that contains macros. According to the verdict and its hash the file is not a threat. My question is the following which is the most suitable method to allow the execution of said file? In the incident analysis window, right click on the allow list process or generate an exclusion? what is the difference? Best regards
... View more
08-23-2020
04:40 PM
Hello, @vsys_remo. I update the resolution of my problem, effectively I had to create 2 custom app id signatures, with the necessary patterns and parameters so that the traffic is identified as the custom app. After confirming that the traffic is identified, continue generating the policies before the general flow of mail traffic. Just a question, I actually see the queries pass to the app customized by the new rules, but I also see traffic pass with an incomplete app, this is a problem? Is it traffic that is specified? I understand that after the three-way handshake, not enough packets pass through to identify the application, but is it still traffic to the tcp / 25 port that is being allowed? But functionally speaking, the pishing scenario is already productive, I greatly appreciate your collaboration and help. Best regards.
... View more
08-18-2020
10:45 AM
Hi, @BPry You have helped me a lot, with the explanation now it is clear to me! Thank you very much!
... View more
08-18-2020
09:08 AM
hello community, I have a question that I have not been able to solve with the study material and it keeps breaking my head. Here it goes, when I generate an application-based security policy, for example from "trust" 10.xxx to "untrust" any with app anydesk specification (with the ssl dependency), I see the corresponding traffic between the internal lan and the destination on the internet corresponding to anydesk is fine, but here comes the doubt, I see traffic to other addresses by ssl but the record indicates that the application is incomplete (understanding that after the 3-way handshake there is no more packets) can I assume that traffic is not establishing a session and that the policy is doing its job of accepting "ANYDESK" and denying everything else? As long as the application output is incomplete, that traffic is not being established even though the traffic log indicates allow?. And the last one, when I configure a security policy towards any internet, only specifying the application and its dependencies, am I opening a communication flow towards any destination according to the applications and dependencies? example a conection ssl to microsoft destination can forward by the policy maked for anydesk? Thank you in advance for your guidance and clarification.
... View more
08-11-2020
08:28 AM
Hello @vsys_remo , thanks for you help. According to what I understand and what I have investigated, the issue of the custom application is not clear to me, how is it configured? since the traffic is smtp tcp / 25. What differentiates it from normal smtp? and how is the bypass performed so that wildfire in the firewall does not analyze it?. Thanks!. Best regards.
... View more
08-10-2020
02:54 PM
Good day! community, I have a question, what treatment is given to executables that are signed as weak hash? I understand that cortex XDR will block its execution. Can it be excepted considering that it is a utility software? The hash is unaltered and WF's verdict is benign. What things should I verify or take into account as best practices to expedite the investigation and take actions on the alarms. Thanks in advance. Best regards.
... View more
08-10-2020
10:28 AM
Good day @vsys_remo As you indicate, effectively remove the security profile in the perimeter vsys, but after a new review I realized that there is another context that participates in the mail communication flow, a virtual context called vsys datacenter (internal servers). Regarding the custom url filter, add the urls with the wilcard *. before the domain in order to allow everything associated. It may be that with the discovery of the participation of the vsys datacenter context in the communication flow is the reason for the inconvenience. Similarly, is there a way to empirically diagnose if it corresponds to wildfire or pan db URL?
... View more
08-09-2020
03:35 PM
Hi @vsys_remo , I'm not sure if it's the pan db url filtering or wildfire. The truth is that it performs the exercise by removing the security profile sends to wildfire from the security policy, keeping the custom url filter in the policy, to allow the urls of the pishing testing tools (smartfense). Even so, the emails are still being analyzed by IP of palo alto. our mail flow is: load balancers (untrust) -> vsys perimetral fw - trendmicro antispam (dmz zone) -> on-premises exchange server (trust). the tests were done by removing the wildfire security profile in the untrust -> dmz policies and dmz -> trust zone. I stay tuned, I appreciate your help.
... View more
08-08-2020
10:40 AM
In my company we are generating authorized pishing test scenarios to test users who compromise their assets when interacting with pishing links in their emails, for this we want to collect information and statistics on who opened the email, clicked on the link and / or entered personal information. To then generate awareness campaigns. The tool used is called Smartfense, we previously tested with Cofense but we had the same result. The problem is that the links contained in the emails are previously analyzed by the PAN DB URL, which corrupts the test results generating false positives. The data of our corporate firewall are: Model PA3250 S.O version 9.0.9h1. Inbound security policies were configured allowing in the policy a customized url pointing to the url of the Smartfense tool, according to the information released by the tool manufacturer. Even so, the links continue to be analyzed. Has anyone had the same problem ?, I remain attentive to your kind help. Regards.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-09-2020
10:26 AM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
