Displaying 2491 to 2520 of 9713

Help on CSV Output Feed

I'm looking to output feeds to a format that I can ingest in some log analysis tools, and need to output fields that I have defined in miners. Is there any information on how to access that data and output it?

kx1499

Let’s not forget RegTech is also about cybersecurity

Regulatory Technology (RegTech) is increasingly used as a tool to help organisations automate compliance with regulatory requirements, but Palo Alto Networks believes they should also be aware of how it will affect cybersecurity and what it implies for business operations.


Guest commentary: EU data protection rules are a wake-up call

Greg Day of Palo Alto Networks is convinced: the new EU data protection rules will be a major wake-up call on cybersecurity in the executive suites.


Tips & Tricks: Considerations for TS Agent and User-ID Agent in a Mixed Environment

In an environment where both Terminal Services (TS) Agent and User Identification (User-ID) Agent are used to ascertain which users are logged on to certain systems, some precautions need to be taken to prevent incorrect mapping of users, mainly regarding the terminal servers, where multiple users can be logged on

reaper

Does anybody use Palo Alto logs in MineMeld?

Hello, does anybody use the logs from a Palo Alto firewall in MineMeld? And what was the reason for doing it this way? Thanks for your answers. :-)

R.Boehm

Tips & Tricks: How Does the ACC Work?

This week's Tips and Tricks is going to be brief. I've already covered the ACC in previous articles (linked at the bottom) but there are 3 common support questions I would like to highlight. Question: How does the ACC work? Where does it gather the data from? Answer:

jdelio

How to hide Palo Alto Networks firewall from trace route

Symptoms: When anyone does a traceroute to a server behind the Palo Alto Networks firewall, the outside interface IP should not be displayed in the trace results. When internal users go to the internet, the Palo Alto Networks inside interface should not be displayed in trace results. Want to hide the Palo Alto

tsrivastav

Attack Delivers ‘9002’ Trojan Through Google Drive

Unit 42 recently observed a 9002 Trojan delivered using a combination of shortened links and a shared file hosted on Google Drive. The delivery method also uses an actor-controlled server hosting a custom redirection script to track successful clicks by targeted email addresses. The infrastructure associated with this 9002 Trojan sample was also found to have previous ties to attacks on Myanmar and other Asian countries that used Poison Ivy as the payload, including a recent, and possibly ongoing campaign against Taiwan.

Robert Falcone, Jen Miller-Osborn

LLDP enabled on interface but neighbour devices unable to see firewall details

Symptoms: LLDP is enabled on the interface but other devices are unable to see info related to the Palo Alto Networks firewall. Diagnosis: Make sure you have also enabled LLDP globally to make this protocol work. Solution: About the LLDP protocol: The Link Layer Discovery Protocol (LLDP) is a vendor-neutral

tsrivastav

MineMeld Docker

I started building out a very simple dev (read: unhardened) docker build for MineMeld here: https://github.com/swannysec/MineMeldDocker   Looks like it won't start up correctly inside a container and I think it might be related to the use of UNIX sockets and/or something to do with supervisor.  Anyway, feel free to take

SabreAce33

How to Interpret HHS Guidance on Ransomware as a HIPAA Breach

Until recently, the healthcare industry has been up in arms on whether ransomware infections should be considered reportable Health Insurance Portability and Accountability Act (HIPAA) breaches. The argument for considering ransomware a HIPAA breach was centered on the fact that covered entities lose control of protected health information (PHI). A counterargument is that ransomware is not known to exfiltrate data outside the network, and hence should not be considered a HIPAA breach. The U.S. Health and Human Services (HHS) Office for Civil Rights finally weighed in on the discussion with …

Matt Mellen

DotW: AD Naming Convention

In this week's Discussion of the Week, I've picked up on a question posted by community member @jezkerwin regarding naming conventions for Active Directory user groups.     Although there is no convention that dictates which names to use or not to use, thoughtful selection of a naming convention at

reaper

PowerWare Ransomware Masquerades as Locky to Intimidate Victims

A new variant of the PowerWare ransomware is stealing street cred from the Locky strain of ransomware in an attempt to spoof that malware family. A new sample of PowerWare found by Palo Alto Networks' Unit 42 reveals the ransomware's quickly evolving tactics.


Week 30 Recap

MineMeld: Wow! MineMeld has arrived in the Live Community! Check out all the components of this awesome tool, including the repository on GitHub, articles, discussions and more. Take full advantage of the MineMeld multi-tool to collect, aggregate and filter threat indicators from a variety of sources and make them available to peers

editeur

Video Tutorial: AutoFocus Pro Tip -- Quick Search

By Patricia Cruz, Technical Writer @pcruz. You can quickly search AutoFocus to look for samples with certain artifacts. Watch this short clip to see Patricia Cruz, Technical Writer at Palo Alto Networks, demonstrate this feature in action! For step-by-step instructions for using quick search, please refer to

editeur

Free decryption tools released for PowerWare and Bart ransomware

Researchers from security firm Palo Alto Networks have recently found a new version of the PowerWare ransomware that imitates a sophisticated and widespread ransomware program called Locky. It uses the extension .locky for encrypted files and also displays the same ransom note used by the real Locky ransomware.


MineMeld syslog indicator rules

Hi all, I've successfully connected my firewall to the syslog miner and can see logs arriving. I believe I now need to create a rule to match logs to extract the indicators. Here are my receive stats from the miner: Here's the rule I'm trying to craft to extract

tkirk

Can't import configuration from 7050 chassis

Trying to import a source configuration from a 7050 chassis, and after it imports it just says devicename_config.xml and doesn't show any policies or objects to bring across into the base configuration. Strange also that from within the project, if I edit the device and look at the device

Mugwali

Palo Alto Networks News of the Week – July 23, 2016

We’ve rounded up all of our top news from this past week right here. Unit 42 found Andromeda malware targeting Italian users in recent spam campaigns, and shared a technical walkthrough of the Office Test persistence method used in recent Sofacy attacks. The team also discovered a new variant of PowerWare, also known as PoshCoder, imitating the popular Locky ransomware family. Be like Jerry and start your path to awesome.

Anna Lough

Channel Scoop – July 22, 2016

Sit back and relax. Let us do the information gathering and give you the channel scoop.

Lang Tibbils

Network and Information Security Directive Dates Now Set!

On the 19th of July, the much discussed and anticipated Network and Information Security (NIS) Directive was published in the Official Journal of the EU. The Directive was developed to ensure that societies’ dependencies on technology undertake relevant cybersecurity activities to ensure resilience and confidence as we become ever more digitally dependent. The most important aspect is when this comes into force, which is the 8th of August 2016. However, it is not immediately applicable: each member state then has a period in which to take the Directive and turn …

Greg Day

PowerWare Ransomware Spoofing Locky Malware Family

Unit 42 has recently discovered a new variant of PowerWare, also known as PoshCoder, imitating the popular Locky ransomware family. PoshCoder has been encrypting files with PowerShell since 2014, and the new variant named PowerWare was reported in March 2016. The malware is responsible for encrypting files on a victim’s machine and demanding a ransom via the Bitcoin cryptocurrency. In addition to using the ‘.locky’ filename extension on encrypted files, this PowerWare variant also uses the same ransom note as the Locky malware family. This is not the first time PowerWare has …

Tyler Halfpop, Jacob Soo

Watch: Security Lifecycle Review

Discover which applications and threats are exposing vulnerabilities in your security posture using our Security Lifecycle Review (SLR). Learn how you can benefit from our comprehensive SLR report in this video by Scott Simkin, Senior Threat Intelligence Manager.

Palo Alto Networks

Preventing Ransomware: What Your Security Architecture Must Do

Ransomware can bring your business operations to a halt. Keeping your organization safe from ransomware requires a fundamental shift toward breach prevention and away from simply detecting and requiring remediation after infection. The right security architecture can make this prevention real.

Palo Alto Networks

Palo Alto Networks Federal Forum Brings Together Top Government Leaders for Discussion on Next-Gen Threat Prevention

Nearly 400 people attended the Palo Alto Networks Federal Forum last Thursday at the Newseum in Washington, D.C., just a stone's throw from the iconic dome of the U.S. Capitol. The event featured a dynamic speaker lineup of cybersecurity luminaries in the federal government, including U.S. Cyber Command head and NSA Director Admiral Michael Rogers, Federal CIO Tony Scott and Congressman Will Hurd. The Forum brought together a broad range of stakeholders, with perspectives from civilian government, military, law enforcement, the intelligence community and the private sector, clear recognition that cybersecurity is …

Jennifer Martinez, Sean Morgan

Migration from PA200 to PA500 using Migration Tool - some problems

Hello, I read the best practices, saw a few webexes and so on ... I have a config file from a PA-200 and I don't have the PA-500 yet. I'd like to prepare the config file to swap the PA-200 for the PA-500 as soon as possible. I tried a few times to get what I need -

_slv_

Manually install MineMeld on Ubuntu Server 14.04

If for some reason the supplied MineMeld cloud-init loaders for VMware, EC2 and Azure do not work in your environment, you can fall back to the good ol' manual installation of MineMeld. Supported distributions: Ubuntu Server LTS 14.04. 1. Hardening the instance: The first thing you should do is harden your new

lmori

MineMeld + Palo Alto Networks on Dynamic Block List

Is there anyone able to share how to configure MineMeld nodes to automate resolving/capturing the "*.google.com.*" dynamic IP addresses, so I could integrate with the Palo Alto Networks dynamic block list feature to identify most of the google.com IP addresses? I saw google.GCENetblocks and google.netBlocks in MineMeld, but

dkoh

MineMeld - CSV input feature

Hi all,   Firstly, great work on MineMeld - it is fantastic!!! I have it working great for dynamic IP lists and AF export lists, but our customer would like to import Indicators from CSV. It doesn't look possible with current class/prototypes. Any suggestions? I could script the import to

tkirk

Ignite 2017 Call for Papers Is Open!

Want to present at Ignite 2017? The Call for Papers is now open. We are on the hunt for highly technical insights based on firsthand experience with next-generation security technologies, practicing new threat research, and cultivating technical best practices.

Catherine Crandall