This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About EJaspe
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About EJaspe
07-03-2022
6Posts
1Like
0Solutions
Jul 03, 2022Last Visited
User
Activity
User
Profile
Latest posts by EJaspe
| Subject | Views | Posted |
|---|---|---|
| 236 | 07-03-2022 03:50 PM | |
| 337 | 06-29-2022 07:48 PM | |
| 365 | 06-12-2022 10:16 PM | |
| 305 | 05-25-2022 11:15 PM | |
| 1060 | 05-25-2022 07:41 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-24-2022 01:15 AM |
User Badges
Community Statistics
| Member Since | 05-24-2022 01:05 AM |
| Date Last Visited | 07-03-2022 07:10 PM |
| Posts | 6 |
| Total Likes Received | 1 |
07-03-2022
03:50 PM
Hi Silviu, How to log a ticket to your customer support? May I know their email? Thank you!
... View more
06-29-2022
07:48 PM
Hi all, Some of our endpoints in our Cortex XDR Console shows a "Connection Lost" Status but the endpoint is still active. The cytray shows disabled and no connection. We also checked the control panel and upon checking, The installed Cortex XDR Agent is not available or missing. How is it possible that the cortex XDR agent is gone on the control panel even the cytray and Palo Alto Traps is still on the Local folder? What would be the cause of the problem and is there any solution? Hoping for your help. Thank you in advance.
... View more
06-12-2022
10:16 PM
How can I resolve this kind of alert on our internal network? The source is our Manage Switch and the destination is our MPLS. The alert source comes from the PAN NGFW. Thank you in advance for your response. I hope you can help me to strengthen my analysis.
... View more
05-25-2022
11:15 PM
Alert name: Virus/Win32.WGeneric.clqdkh Hash:(sha256): 354ef16a451f716c8cb3b47ced9878d8962088c143dfa2cf01f4f2ddfc70c097 I've checked the hash file for the the alert name through the https://threatvault.paloaltonetworks.com/ and I got the hash on it. After checking this hash on Virustotal, the result is "No Matches found". My questions: 1) If no matches found result, does it mean that the hash is new? 2) How may i determine if is it false positive or malicious? I checked similar cases regarding on Virus/Win32.WGeneric and they says that this is a false positive. Give me some thoughts and ideas about this for additional knowledge as i'm starting on this role as a cyber security. Thank you in advance!
... View more
05-25-2022
07:41 PM
Hi Ymiyahista, Sorry if I reply on this thread. Yes, I will create new thread if I have a new questions/concerns. By the way, here is my answer to your question to my question. - Are you seeing the threat log "HTTP Unauthorized Brute Force Attack - ID 40031" which destination IP address is the fileserver? If so, the fileserver is also running as a web server, right? Please help us clarify your questions. - Are you seeing the threat log "HTTP Unauthorized Brute Force Attack - ID 40031" which destination IP address is the fileserver? If so, the fileserver is also running as a web server, right? The destination address is from our internal fileserver itself. the source IP Address is our client's endpoint. Our client's endpoint is connected to our internal network and he is accessing it within our premises. As per our Data Center Admin, our fileserver is running locally and not by web access. - Do you want to know if the web access was performed by using IP address or hostname? In that case, you can look at the HTTP Host header. The logging must be enabled on the web server to see it in the log. Or you can capture the traffic and check. By accessing our fileserver, our endpoints should connected to our internal network. If the endpoint is outside the premises, they access the fileserver by connecting to VPN and access it locally.
... View more
05-24-2022
01:15 AM
1 Kudo
Hello All, We have a fileserver within our internal network and they can access it locally by hostname. I would like to ask, how if this alert is from internal access and not from external IP? How would I know if they using web browser to access the IP of the server? Shall I ask our Data Center Admin to check the fileserver? Thank you in advance!
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks