Displaying 2581 to 2610 of 10485

Group names in allow-list of an LDAP authentication profile

Question: Are group names case sensitive when configured in the allow-list of an authentication profile? Answer: When configuring a group name in the allow-list of an authentication profile, group names are case sensitive. It is important as we are using allow-lists for various authentication protocols (LDAP, RADIUS, TACACS+ and so on).

nbilly,
  • 0
  • 1

SSO Kerberos Authentication for Admin Access Keytab Generation

Kerberos SSO: Kerberos Authentication for Admin access Keytab generation is used to supply the Windows credentials automatically to the login prompt when a user accesses the WebGUI of the firewall. A network that supports Kerberos SSO prompts a user to log in only for initial access to the network (for

schopra,
  • 0
  • 2

Syslog miner indicator

Hi, I'm trying to create an indicator for SLW injections events, extract src_ip and insert into    Down below the code attached to the syslogminer class stdlib.syslogMiner, unfortunately the validate process reports errors with the only suggestion "Condition is invalid", could be either a formatting error or a logical error, hard to say.

AlbertoZanon,
  • 0
  • 0

Weekly Recap 52

DotW: DISCUSSION OF THE WEEK RESTORING CONFIGURATION BETWEEN PLATFORMS Are you planning a hardware upgrade and want to reuse a configuration file? Are you trying to figure out how to go about restoring a backup configuration from a PA5000 series to a PA3000? Can you just move a config file from one

editeur,
  • 0
  • 0

Palo Alto Networks News of the Week – December 31, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Our Cybersecurity Predictions series continued with sure things and long shots for cybersecurity in 2017. This week’s predictions include: Automation and Playbook Models Take On Key Roles in Threat Intelligence Sharing The Technical Documentation team introduced the new Palo Alto Networks Compatibility Matrix The Technical Documentation team also shared a post covering the latest Aperture features and how you can use them to protect your SaaS applications. Unit 42 …

Justin Hall,
  • 0
  • 0

What Palo Alto Networks Has in Store for the Public Sector in 2017

We’ve had some exciting activity in the U.S. federal sector at Palo Alto Networks over the past year and we have more in store for 2017 with the launch of our inaugural Federal Ignite conference in Washington, D.C. next October. With the end of the year around the corner, I wanted to share more about the incredible momentum we’ve had in the public sector in 2016 and preview what we have on deck in the new year. Palo Alto Networks Launches Public Sector Subsidiary As we continue to expand our …

Nick Urick,
  • 0
  • 0

How to Install User-ID Agent and Prevent 'Start service failed with error 1069'

This article outlines the steps required to install the UserID Agent and account permissions required for it to function properly. If not all access is granted, you may encounter the following error: "Start service failed with error 1069: The service did not start due to a logon failure."   In this

pankaj.kumar,
  • 0
  • 2

Don’t Let Your Users Unknowingly Be the Weak Link in Your Security Infrastructure

Hackers are becoming increasingly stealthy and creative, relentlessly trying to gain access to sensitive data, while organizations work tirelessly to prevent security breaches and data theft. In this complex game of cat and mouse, security practitioners are being forced to rethink how they identify and control traffic on the network, shifting to an application-focused approach, rather than port- and protocol-based policy, to defend against successful cyberattacks and uphold business integrity. User-based access controls, based on user identity information, rather than IP address, allow organizations to safely enable applications traversing the …

Stephanie Johnson,
  • 0
  • 1

Campaign Evolution: pseudo-Darkleech in 2016

Darkleech is a long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of malware during the past few years. We reviewed the most recent iteration of this campaign in March 2016 after it had settled into a pattern of distributing ransomware. Now dubbed “pseudo-Darkleech,” this campaign has undergone significant changes since the last time we examined it. Our blog post today focuses on the evolution of pseudo-Darkleech traffic since March 2016. Chain of events Successful infections …

Brad Duncan,
  • 0
  • 2

TechDocs: Protect Your SaaS with the Latest Aperture Features

The Aperture team is working hard to make your life easier and keep your SaaS applications secure. New features introduced recently include: Automatic Risk Remediation: The Aperture service introduces a powerful new feature that can automatically discover and remediate risks. You can create policy rules that automatically quarantine compromised assets, change sharing to maintain network security, and notify owners when an asset is vulnerable. When you automatically remediate risks, the Aperture service can process and fix large volumes of risks in record time with minimal overhead. Aperture supports automatic remediation …

Charissa Fleischer,
  • 0
  • 1

Cybersecurity in 2017: Automation, Adversaries and Orchestration

Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value, especially as conversations around sharing intelligence between the public and private sectors continue.

  • 0
  • 2339

Palo Alto Networks to Present at Upcoming Investor Conference

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that members of its management team will be presenting at the following financial community event: 19th...

Santa Clara, CA
  • 0
  • 256

How can I validate that my TAXII output miner is working?

Hi!  Been testing the product for a couple of weeks, and I really am impressed, but while the TAXII/STIX miners work well from HailATAXII, I'm trying to feed output from my aggregator into a TAXII output to push to other tools down the line that can ingest the indicators and

twisterdavemd,
  • 0
  • 0

Minemeld not pulling low and medium confidence feeds?

Hello,   My firewall is able to pull several feeds from our minemeld server. However, it is not pulling our Low and Medium Confidence inbound feeds. Worked with PA support and they said there must be something wrong with our Minemeld server and suggested I post a question here.  

BobHarrison,
  • 0
  • 0

How to resolve get-ldap-data-failure error in system logs

This document provides a resolution for the error "get-ldap-data failure" appearing repeatedly in the system logs. Issue: Getting the error "get-ldap-data-failure" in the system logs every few minutes. Cause: This issue is caused when the firewall is trying to fetch the group information from the AD and the group

mgarg,
  • 0
  • 0

Panorama config edits

Here is the scenario   I have a M-100 with configs templates and devices groups for about 20 clusters of Palo’s ranging from 500’s to 7000’s.  I have imported the Panorama config into the migration tool.  I am editing one pair of 500s and have re-worked applications and changed the

sdssd,
  • 0
  • 1

Palo Alto Networks News of the Week – December 24, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Our Cybersecurity Predictions series continued with sure things and long shots for cybersecurity in 2017. This week’s predictions include: Japan Confronts SMB Cyber Resilience, Anticipating Tokyo 2020 Recruiters Search for Cyber Talent Outside of Security Unit 42 shared a review of regional malware trends in EMEA. Get the new technical documentation for Traps 3.4.2. When it comes to cloud security, ever wonder who’s responsible for what? We announced our …

Justin Hall,
  • 0
  • 0

Japanese Government Updates Cybersecurity Guidelines: Increased Focus on Cybersecurity Investments and SMBs

In December 2016, the Japanese Ministry of Economy, Trade and Industry (METI) and its Information-Technology Promotion Agency (IPA) released Cybersecurity Guidelines for Business Leadership ver. 1.1. (this is a Japanese link), an update of  ver. 1.0 published in December 2015 (this is a Japanese link; English press release is here). As our May 2016 blog post pointed out, METI’s Guidelines are aimed squarely at business executives. The December 2016 update builds upon the original document’s three principles and 10 action items, with two notable changes. First, the update includes a …

Danielle Kriz, Mihoko Matsubara,
  • 0
  • 0

2017 Cybersecurity Predictions: Recruiters Search for Cyber Talent Outside of Security

This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.   Cybersecurity is facing a shortage of qualified professionals to occupy the many openings within the sector. Earlier this year, Forbes and other sources pegged job vacancies for available cybersecurity sector jobs at 74 percent for the last five years, and that percentage number is expected to increase globally as security concerns become greater for small, medium …

Wendy Barnes, Joe Strongone,
  • 0
  • 0

Tech Docs: Introducing the New Palo Alto Networks Compatibility Matrix

The Tech Docs team just rolled out the new Palo Alto Networks Compatibility Matrix (PDF). We produced this document to address feedback about the “findability” of compatibility and support information for our various next-generation security devices. The new central Compatibility Matrix covers different compatibility and interoperability considerations for Palo Alto Networks devices. For example, it covers supported operating systems for each version of the GlobalProtect app, supported endpoint operating systems for User-ID and TS agents, PAN-OS version support by model (including WF-500, M-100 and M-500 appliances), Traps and ESM operating …

Charissa Fleischer,
  • 0
  • 4

Spotting a Spoofed Email in Healthcare

Over the past year, healthcare organizations of all sizes have been impacted by cyberattacks. Most of them involve malware of one sort or another. As a former security operations lead at a hospital network in the San Francisco Bay Area, I learned what my research at Palo Alto Networks has confirmed: By far, the most common way for malware to make its way into Healthcare networks is by spoofed emails.

  • 0
  • 1733

2017 Cybersecurity Predictions: The Price of Ransomware Continues to Increase in Asia-Pacific

A lack of real world experience and metrics in order to aid security professionals is harming communication and capabilities. Speaking at the launch of the book Navigating the Digital Age, produced by Palo Alto Networks and Forbes, Palo Alto Networks CSO Greg Day said that the intention of the book was creating an understanding of responsibilities by distilling duties down, and highlight what are some of the things you can ask to go beyond the yes/no i … 2016 was a challenging year for organisations particularly as cyber adversaries achieved high-profile success, mainly with ransomware. Organisations in Asia-Pacific are no exception. The year also taught a valuable lesson that no industry vertical is safe; if there is a hole in your security, a determined adversary will find it.

  • 1
  • 2949

How to verify the direction of spyware signatures for downloaders

This document describes how to verify the trigger direction of spyware signatures for downloaders that appear in the threat log. Details: The signatures in the table below detect malicious downloaders attached to emails. The signatures work for both SMTP and POP3, in other words, they can detect both cases;

ymiyashita,
  • 0
  • 1

Character set limitation

Hi, Will you be able to increase the character count for the "NAME" under the security policy, when my customer migrated their existing rule, the migration tool auto truncate the naming convention which resulted in many duplicate rules. The name field can only support "the quick brown fox jumps ".

cong_c,
  • 0
  • 1

UK’s “National Cyber Security Strategy”: Contributing to Increasing Cybersecurity and Prosperity in the UK and Worldwide

The UK government recently released its new National Cyber Security Strategy 2016-2021. Recognizing that cyberattacks on the UK are a top threat to the UK’s economic and national security, the strategy outlines a vision and goals to create a UK that is secure and resilient to cyberthreats, as well as prosperous and confident in the digital world. The UK has always been at the forefront of cybersecurity activities, and its new strategy is an important contribution to and model for global efforts. The strategy lays out a substantive set of …

Danielle Kriz,
  • 0
  • 0

Operation Ke3chang Resurfaces With New TidePool Malware

Introduction Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previous attacker TTPs; Ke3chang historically targeted the Ministry of Affairs, and also conducted several prior …

Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn, Tom Keigher,
  • 0
  • 1

2017 Cybersecurity Predictions: The Price of Ransomware continues to increase in Asia-Pacific

2016 was a challenging year for organisations particularly as cyber adversaries achieved high-profile success, mainly with ransomware. Organisations in Asia-Pacific are no exception. The year also taught a valuable lesson that no industry vertical is safe; if there is a hole in your security, a determined adversary will find it.

  • 0
  • 3128

Office 365 - Polling issue

Hello, I have noticed an IP address which is published by Microsoft and not “mined” by minemeld: 40.112.64.16/28 in Office Identity. I don’t this this IP range in published IPv4 feed (I have imported default configuration published in Live). How do we collect the information? How can we follow

bmenestret,
  • 0
  • 0

Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets

Summary Palo Alto Networks Unit 42 used the AutoFocus threat intelligence service to identify a series of phishing attacks against Japanese organizations. Using AutoFocus to quickly search and correlate artifacts across the collective set of WildFire and other Palo Alto Networks threat intelligence, we were able to associate the attacks with the group publicly known as “DragonOK.” [1] These attacks took place between January and March of 2015. DragonOK has previously targeted Japanese high-tech and manufacturing firms, but we’ve identified a new backdoor malware, named “FormerFirstRAT,” deployed by these attackers. …

Jen Miller-Osborn, Josh Grunzweig,
  • 0
  • 2