Displaying 2611 to 2640 of 9946

TS User-ID does not work for IE if Enhanced Protected Mode is enabled

Symptom: Even though Terminal Server Agent connects to the Palo Alto Networks firewall successfully, web-browsing traffic generated by Internet Explorer from an RDS (Remote Desktop Services) server, via Remote Desktop connection, is not identified per user. The web-browsing traffic uses source ports included in "System Source Port Allocation Range" of Terminal Server Agent

TShimizu,
  • 0
  • 0

Problem migrating log profile

I'm using MT 3.3.12 and migrating from PA2020 to PA3020.  Outside of interface changes, my migration is fairly straightforward.  My imported configuration shows on many rules that I have Log Forwarding set with a profile named lfp.default.  When I go to create the output config, I am able to move

bart.wallace,
  • 0
  • 0

Getting Started: Firewall as a PPPoE or DHCP Client

When setting up a firewall in a smaller office or in an off-the-grid location, the local ISP may only be able to connect you through a cable or DSL modem which requires your external interface to be configured as a DHCP client or PPPoE client.   Tip: If your ISP

reaper,
  • 0
  • 1

RedHat (+Akamai) IP ranges

Would it be possible to add a miner for the Red Hat Subscription Manager (RHSM)? They do advise using domain names as a filter rather than IP addresses [1] (mainly because they use Akamai's CDN), but we prefer to have that kind of traffic under control. There is a public

mserrano_uned,
  • 0
  • 0

NAT rules are not importing with Migration Tool 3.3.12

Hi, We are migrating to PA 5050's from Juniper SRX 650's and are running into an issue when importing the SRX xml files. The problem we are having is that the NAT rules are not being imported to the MT. Any help would be appreciated, I

BryanMay,
  • 0
  • 0

AutoFocus: Your Answer to Actionable Threat Intelligence

Threat intelligence involves learning about new attacks, adversaries, campaigns, and malware families through distinct pieces of information often referred to as indicators of compromise, or IOCs. The more we make relevant information available to network defenders, the better the odds are that they will find answers to their questions. One key consideration for leveraging threat intelligence to improve an organization’s security posture is that it must be readily able to enforce new prevention-based controls. Threat intelligence has traditionally been used by security operations centers’ incident response teams. As security awareness …

Stephen Perciballi,
  • 0
  • 0

Hancitor Downloader Shifts Attack Strategy

Researchers said a new variant of the Hancitor downloader has shifted tactics and adopted new dropper strategies and obfuscation techniques on infected PCs. Researchers at Palo Alto Networks are currently tracking the biggest push of the Hancitor family of malware since June, which they say has shifted away from the H1N1 downloader and now distributes the Pony and Vawtrak executables.

  • 0
  • 1170

Palo Alto Networks Announces Executive Appointments

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced from our annual sales kickoff event new executive appointments.

Santa Clara, CA
  • 0
  • 2047

The Cybersecurity Canon: The Cynja: Volume 1 and Code of the Cynja: Volume 2

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.   The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so! Book Review by Canon Committee Member, Rick Howard: “The Cynja: Volume 1” (2014) …

Rick Howard,
  • 0
  • 0

Content That Respects the Value of Your Time

With so much content in every direction vying for your attention, we believe that content is now required to respect the value of your time. For this reason, I’m really excited to introduce you to Info & Insights at Palo Alto Networks!

Scott Ciccone,
  • 0
  • 15

VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick

The Hancitor downloader has been relatively quiet since a major campaign back in June 2016. But over the past week, while performing research using Palo Alto Networks AutoFocus, we noticed a large uptick in the delivery of the Hancitor malware family as they shifted away from H1N1 to distribute Pony and Vawtrak executables. In parallel, we received reports from other firms and security researchers seeing similar activity, which pushed us to look into this further. Figure 1 AutoFocus view of new sessions of Hancitor since July 2016 The delivery method …

Jeff White,
  • 0
  • 0

Week 34 Recap

OPSWAT Support Charts for GlobalProtect 3.1.0 @srajasekar GlobalProtect uses integrated OPSWAT SDK to detect data about third-party products installed on the endpoint. For a list of third-party products that can be detected by a specific GlobalProtect software version, please refer to the corresponding OPSWAT Support Chart.   Is the support

editeur,
  • 0
  • 3

OPSWAT Support Charts for GlobalProtect 3.1.x

GlobalProtect agent collects vendor-specific data about the end-user security packages that are running on the computer (as compiled by the OPSWAT global partnership program) and reports this data to the GlobalProtect gateway for use in policy enforcement. Following are the third-party vendor products that GlobalProtect can detect using the specified

srajasekar,
  • 0
  • 0

Palo Alto Networks News of the Week – August 20, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Unit 42 discovered malware known as ‘Aveo’ targeting Japanese speaking users. Unit 42 researchers Bo Qu, Hui Gao and Tongbo Luo were recognized in the Microsoft Security Response Center (MSRC) Bounty Program Top 100 list at Black Hat. Get a glimpse into the cybercrime underground in this new Unit 42 series exploring actors, motivations and the current threat landscape. Were you stumped by any of the Unit 42 LabyREnth …

Justin Hall,
  • 0
  • 0

Pérez-Llorca

Perez-Llorca chose Palo Alto Networks® Traps™ advanced endpoint protection to protect its endpoints from ransomware, botnets and other cyberthreats while centralizing endpoint security management.

  • 0
  • 821

How to Reauthenticate a Box Cloud App in Aperture

Question: How to Reauthenticate a Box Cloud App in Aperture. Answer: In the Aperture Portal, walk through the following steps to re-authenticate a Box Cloud App. Click "Settings" Click "Cloud Apps & Scan Settings" Select the Box account by clicking on the name Click "Reauthenticate" Enter the Box Console Administrator's login

ntrubic,
  • 0
  • 0

Configuring PAN-OS 7.1 Gateways to Generate Logs in LEEF Format

Summary This document illustrates the steps for configuring a Palo Alto Networks PAN-OS gateway running PAN-OS 7.1 to forward logs to a syslog receiver in the LEEF format. LEEF format schemas are provided for Traffic, Threat, Config, System, and HIP Match Logs. Correlation logs are not covered in this document.

vdavar,
  • 0
  • 1

Best Practices for Deploying Content Updates

If you own Palo Alto Networks Next-Generation Firewalls and manage software updates, including Dynamic Updates, learn best practices and recommendations to ensure smooth deployment of weekly content from Palo Alto Networks.   Question: How do I apply best practices based on the size or nature of my organization?   Scenario 1: I have mission critical applications

nasingh,
  • 0
  • 1

"[ Warn 839]" message seen in User-ID agent logs

Symptom Inside of the User-ID Agent logs, you may see the following message(s).   08/01/16 21:46:14:819[ Warn 839]: need to alloc 4423 bytes for big body 08/01/16 21:46:15:022[ Warn 839]: need to alloc 4428 bytes for big body 08/01/16 21:46:15:224[ Warn 839]: need to alloc 4434 bytes for big body 08/01/16

pbasamsett,
  • 0
  • 0

LabyREnth Capture the Flag (CTF): Document Track Solutions

Thanks to the incredibly talented community of threat researchers that participated in LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. Now that the challenge is closed, we can finally reveal the solutions of each challenge track. We’ll be rolling out the solutions for one challenge track per week. First up, the Document track.

Richard Wartell, Tyler Halfpop, Jeff White,
  • 0
  • 0

7.1.x support for Migration tool

I have just downloaded the VMplayer version 3.1 of the Migration Tool to copy my existing config to set up a new secondary site firewall. In doing so I have imported the config but it only seems to be version 6.x. I'm currently running version 7.1.x. Is there a way to

murphyj,
  • 0
  • 0

Getting Started With a Zero Trust Approach to Network Security

Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust. With Zero Trust there is no default trust for any entity—including users, devices, applications, and packets—regardless of what it is and its location on or relative to the corporate network. This paper discusses the need for a Zero Trust approach to network security, how the Palo Alto Networks® next-generation security platform delivers on these requirements, and provides guidance on how to progressively migrate to a Zero Trust architecture. This White Paper is available in: Chinese (simple), Chinese (traditional), French, German, Italian, Japanese, Portuguese, and Spanish.

  • 2
  • 8737

MigrationTool rule lists

I have version 3.3.10 up and running. I have a project to migrate two PA 2020 into one PA 3020. When I look at the Manage Policies (after double-clicking the project) and select All/All the GUI doesn't work correctly. I have set to display 50 rules, yet the interface only

bart.wallace,
  • 0
  • 1

Migration Tool 3.3.12 App ID

Hello, I have a quick question regarding the APP ID conversion with Migration Tool 3.3.12. Once the migration is done, my understanding is that we keep the Migration Tool connected to the deployed device, with a "Connector" configured, I will be able to monitor traffic. Is this correct? My

Kaliman,
  • 0
  • 0

How to Generate New MineMeld HTTPS Cert

If you are using your Palo Alto Networks firewall as a trusted root CA, you can generate a web server certificate for MineMeld to replace the self-signed one. Start Inside WebGUI. Steps: Go to your Palo Alto Networks firewall or Panorama WebGUI Device > Certificate Management > Certificate At the

Angelo,
  • 0
  • 0

Confused over EBL size limit

We have a 3020 running 7.0.8 and are experimenting with MineMeld. As soon as we get close to 5k IPs on the combined EBLs we get an error on an EBL refresh that it's been truncated as it's over the limit. Palo Alto's own KB suggests that on

networkadmin,
  • 0
  • 0

Ignite 2017: Register Early and Save Big

There are some things that we just can’t help putting off: laundry, tax returns, going to the gym, to name a few. But registering for Ignite 2017 should not be one of those things. When you register early for Ignite 2017, not only are you securing your spot at the most anticipated, next-generation security conference of the year, you’re also going to save big on your full conference pass, and I mean $400 big. Prices go up October 31, 2016 so make sure you register soon.

Catherine Crandall,
  • 0
  • 0

Aveo Malware Family Targets Japanese Speaking Users

(This blog post is also available in Japanese.) Palo Alto Networks has identified a malware family known as ‘Aveo’ that is being used to target Japanese speaking users. The ‘Aveo’ malware name comes from an embedded debug string within the binary file. The Aveo malware family has close ties to the previously discussed FormerFirstRAT malware family, which was also witnessed being used against Japanese targets. Aveo is disguised as a Microsoft Excel document, and drops a decoy document upon execution. The decoy document in question is related to a research …

Josh Grunzweig, Robert Falcone,
  • 0
  • 0

The Value of the Next-Generation Security Platform

See how the Next-Generation Security Platform has helped customers improve their security posture and reduce their total cost of ownership.

  • 3
  • 1138

EU Cybersecurity-Related Legislation: Why Companies Should Care

How do companies in Europe manage cybersecurity risks? Get the Executive Advisory Report: European Union Cybersecurity-Related Legislation to find out.

  • 0
  • 3132