I will be installing and using MineMeld on a virtual REHL 7 Server. I was wondering if the community had any advice/lessons learned from the installation, use, and implementation of MineMeld at their organizations. Thank you!

Does anyone have experience integrating PaloAlto firewall with Cisco Intrusion Prevention system? Does it work? Does it have sence?

Changing the ML address to "localhost", it keeps going back to the IP assigned to the virtual ethernet interface. Did we ever come up with a way to force it to change to and keep "localhost"?

Looks like the Northern Ohio chapter of the Palo Alto Networks Fuel User Group has an eye for rockstars, too! We couldn't agree more with the chapter's recognition of Tom and its warm invitation to have Tom attend a chapter meeting with the Cleveland-based group. Moreover, in keeping with Tom's growing

Catch up on all the latest Palo Alto Networks news.

Symptoms Configured auto-remediation using this guide: http://docs.evident.io/#auto-remediation-via-lambda-walkthrough, but the offending resource is not automatically remediated. Diagnosis Configure an AWS resource that would trigger the signature. Wait for the fail alert to generate.  It may take up to 2 scan intervals (by default, 1 scan interval is 15 minutes). Once the alert

Weekly Scheduled Deploy - July 11 2018   The following updates are scheduled to take effect on the Evident service on 7/11/2018:   Enhancements New Signature: AWS:EC2-043 - Security Groups With Open Private CIDRs Description: This signature checks all of your EC2 security groups and returns an alert if any inbound rules

RDP access to Citrix via GlobalProtect clientless VPN Enabling RDP access to Citrix environment through GlobalProtect Clientless VPN GlobalProtect Clientless VPN supports access to remote desktops (RDPs), VNC or SSH. Learn how to enable your existing Citrix deployment to provide support for RDP through GlobalProtect Clientless VPN. Read more...  

I'm wanting to do some policy work (app-id migraiton) on a firewalls that is basically 100% managed by Panorama.  Don't want to mess with all others yet.  How do I get the policy set that's managed in Panorama for just one firewall int Expedition?

Get the latest NextWave Partner news in this week's Channel Scoop.

Unit 42 monitors the continued evolution Upatre and its anti-analysis Techniques.

Caught this in the temporary file for log processing...     # There is insufficient memory for the Java Runtime Environment to continue. # Native memory allocation (mmap) failed to map 113700864 bytes for committing reserved memory. # An error report file with more information is saved as: # /tmp/hs_err_pid51410.log

I am attempted to perform an ansible install of Minemeld on RHEL 7. I am receiving the following error. Anyone seen this and have any suggestions for remediation?  Thanks   I receive the following message when I run the ansible playbook:   TASK [minemeld : bower install] ********************************************************************************** fatal: [127.0.0.1]:

For the month of July 2018 the new application release date is set to be the 17th. This time around a couple of important updates will be added to the sharepoint 'portfolio' which you'll want to compare to your existing security policy and user adoption to ensure you are ready

I was able to parquet logs every day for 10 days.  After the upgrade, Expedition no longer sees new files.  Path and permissions have not changed.   A stand-alone firewall has no issue.   Should I delete the Pano and managed devices and recreate?

Hello, First, I am not a programmer, so please keep that in mind ;-) I would like to create a miner for the Anomali Limo TAXII feed. The Anomali documentation is not very good:   You can also get the benefits of Limo without STAXX. Simply: ​ Configure your TAXII

Question Testing a virus download from different websites using SSL Decryption yields different results. Sometimes you receive a response page indicating Virus/Spyware Download block, and on other sites you don't see a response page. In the first case, you can also see that whenever the response page is triggered, a

Unit 42 investigates how attackers were creating fake versions of some well-known and well-trusted websites, and how they were used in phishing emails to unsuspecting victims. Read the Threat Brief to learn more.

Learn how Kevin Wilson, Corporate Information Security Manager replaced their legacy antivirus solution at all Guess? retail locations with Traps to protect their stores from breaches and cyberthreats. The ease of setup and efficacy catch rate for malware, Traps exceeds all expectations. Having the Palo Alto Networks Security Operating Platform provides Guess? with information they need to evaluate and act on threats to their retail and corporate environment.

Hi,   i want to query Mineneld using the API, in order to get indicators or information about the tool, to automate some reports. For example, i need to know how many indicatores we have added in the last X days, or last month..., how many indicators are in some

A Deeper Look at Growing Threats to Mobile Networks and Subscribers

Hello All,   I am using PA-820, i only have cli access to device. I will require to verify traffic from a particular source and destination on the device. Do we have any commands to do that ? May be something like packet tracer to get all the routes / ACL

Question I know an external account exists, but I can't find it.  Why? Answer There are many reasons for this, but the most common one is that your user does not have permissions to view this external account.  To check, login to Evident platform, go to Control Panel -> Users,

  PA newbie here!  I am digging in to the PA traffic processing algorithm & on the 4th leg of the process I see that the traffic is allowed at this point but gets scanned against the configured security profile.  This sounds like where IPS comes into the picture am I correct? 

As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered eight vulnerabilities.

Watch the replay of the Q4 Fy18 Global NextWave Partner Webinar.

Ireland’s National Education & Research Network protects more than a million students and teachers from cyberthreats with the Security Operating Platform.

The VM-Series has been optimized and expanded to deliver industry-leading performance of up to 16Gbps of App-ID-enabled firewall throughput across five models.

How to allow access to YouTube videos embedded in a website, but block access to other YouTube videos   Use Case:    An administrator of the Palo Alto Networks next-generation firewall wants to enable students/employees to watch YouTube videos embedded in their website, but block access to all other YouTube videos.  

I'm getting the below message in my minemeld logs and not sure what is causing it     2018-07-11T00:30:28 (16652)config._destroy_old_nodes INFO: Destroyed nodes: [_ConfigChange(nodename=u'Amazon_IPv4_Agg_General', nodeclass=u'minemeld.ft.ipop.AggregateIPv4FT', change=1, detail={'inputs': ['Amazon_AWS', 'Amazon_CloudFront', 'Amazon_EC2', 'Amazon_S3', 'Amazon_Route53_Agg'], 'config': {'whitelist_prefixes': ['Amazon', 'wl'], 'infilters': [{'conditions': ["__method == 'withdraw'"], 'name': 'accept withdraws', 'actions': ['accept']}, {'conditions': ["type == 'IPv4'"], 'name':