Community or News Group that has taken Snort signatures and converted them to PaloAlto

ScottF — Thu, 14 Mar 2019 16:12:54 GMT

This is a very easy question for everybody. A lot of people have most likely created custom signatures from Snort or otherwise to apply to a PaloAlto firewall. Does anyone know of a news group or community in which those signatures have been converted and that you can download free of charge?

Also, does anyone know of a list that (to the best of their ability) matches a Snort signature that is natively included in the Snort feeds and their PaloAlto equivalents?

Finally, are there regex examples that define things like the offset of of the IP header, or Ethernet header or TCP header, etc. I would like to include some of that stuff in a RegEx definition when writing a regex? In addition to this, how do you write a RedEx that masks a byte so you can pull out bit information.

I know this is a long list, but any and all assistance would be appreciated.

Thanks in advance!

Re: Community or News Group that has taken Snort signatures and converted them to PaloAlto

mivaldi — Wed, 03 Apr 2019 18:04:38 GMT

Please refer to:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/custom-signatures.html

topic Re: Community or News Group that has taken Snort signatures and converted them to PaloAlto in Advanced Threat Prevention Discussions

Community or News Group that has taken Snort signatures and converted them to PaloAlto

Re: Community or News Group that has taken Snort signatures and converted them to PaloAlto