Saucepan

User Tools

Site Tools

Trace: legal cli_commands dns_security threat_insight rpz_feeds support_portal
paloaltonetworks:dns_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:dns_security [2023/07/04 06:42] – [DNS Techniques] bstaffordpaloaltonetworks:dns_security [2025/08/29 13:27] (current) – [Details] bstafford
Line 7: Line 7:
  
 [[https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/dns-security-service|DNS Security Data Sheet]] [[https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/datasheets/dns-security-service|DNS Security Data Sheet]]
 +===== DoT/DoH =====
 +PAN-OS 11.2.1 [[https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-networking-admin/dns/configure-a-dns-proxy-object|released the ability]] for DNS Proxy on PAN-OS to act as a DoT/DoH server and also forward on DoT/DoH.
 +
  
 =====Data Sources===== =====Data Sources=====
Line 24: Line 27:
   * Stops newly registered domains 6x faster than publicaly avaialble scanners   * Stops newly registered domains 6x faster than publicaly avaialble scanners
  
 +New in mid 2025
  
 +  * Detection of unknown C2 threats developed using the open source Sliver C2 framework (ATP)
 +  * Enhanced Empire C2 deteciton
 +  * Protection against DNS relaying attacks, also known as Data Exfiltration via HTTP request headers (ATP+ADNS)
 +  * Domain Masquerading Detection, Malicious TDS Detection (ADNS)
 +  * AI Categorization, Crypto Scam Detection, DeepFake Phishing Detection (AURL)
 +  * Endpoint DLP
  
 =====URL Categories Blockable===== =====URL Categories Blockable=====
paloaltonetworks/dns_security.1688452976.txt.gz · Last modified: by bstafford