How Cobalt Strike Random Malleable C2 Profile can be detected

Created On 07/01/22 05:22 AM - Last Modified 11/17/25 20:34 PM


Question


How can Cobalt Strike's random Malleable C2 profiles be detected by the firewall and Threat Prevention?

Environment


All PAN-OS 
Firewall 
Advanced Threat Prevention (ATP) license


Answer


This detection is based on the ML/AI module that is part of the ATP security service, so it requires an Advanced Threat Prevention (ATP) license.
