What are the Inline Cloud Analysis C2 Threat IDs?

Created On 10/03/24 15:46 PM - Last Modified 12/31/25 15:41 PM


Question


What are the Inline Cloud Analysis Threat IDs?



Environment


  • Next Gen Firewalls (NGFW)
  • PAN-OS 10.2 and above

 



Answer


Threat ID - Threat Name - Protocol/Tool

89950 - Evasive HTTP C2 Traffic Detection - HTTP
89951 - Inline Cloud Analyzed HTTP2 Command and Control Traffic Detection - HTTP2
89952 - Inline Cloud Analyzed SSL Command and Control Traffic Detection - SSL/TLS Handshake
89953 - Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection - Unknown TCP 
89954 - Inline Cloud Analyzed Unknown-UDP Command and Control Traffic Detection - Unknown UDP 
89955 - Evasive Cobalt Strike C2 Traffic Detection - Cobalt Strike
89956 - Evasive Cobalt Strike C2 Traffic Detection - Cobalt Strike
89957 - Evasive Cobalt Strike C2 Cross Session Traffic Detection - Cobalt Strike
89958 - Evasive Empire C2 Traffic Detection - Empire
89959 - HTTP Data Exfiltration via FQDN Using Suspicious Domain - HTTP
89960 - HTTP2 Data Exfiltration via FQDN Using Suspicious Domain - HTTP2

PAN-OS 11.2:
89961 - Evasive Sliver C2 Traffic Detection - Sliver

 


