
Trend Micro Protection and Detection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available. Palo Alto has provided additional information and guidance here.

In addition, as another layer of protection, Trend Micro has detection rules and filters that can help protect against potential exploitation of this vulnerability.

Trend Micro Cloud One - Network Security & TippingPoint Digital Vaccine (DV) Filters

  • 44125: HTTP: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability

  • 41477: TCP: Python Reverse Shell Payload Detection

Optional TippingPoint Policy Filters

  • 6763: HTTP: Wget Web Page Retrieval Attempt

  • 5873: RDP: Windows Remote Desktop Access (ATT&CK T1021.001)

Additional information on SSL configurations can be found in chapter 5 of the TippingPoint Threat Protection System (TPS) SSL Inspection Deployment Guide, found here.

Trend Micro Deep Discovery Inspector (DDI) Rules

  • 5022: CVE-2024-3400 - Palo Alto Command Injection Exploit - HTTP (Request)