https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18330#M13362 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P>You would have to submit this description to support for conformation against our archives.</P><P></P><P>Regards,</P><P>Gary S. </P></BODY></HTML> Wed, 12 Jan 2011 02:50:08 GMT gsamuels 2011-01-12T02:50:08Z https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18329#M13361 <HTML><HEAD></HEAD><BODY><P>Hello All,</P><P>Has anyone translated, transcribed or converted an existing Yara malware signature to a Palo Alto custom threat signature?</P><P></P><P><A class="active_link" href="http://code.google.com/p/yara-project/">http://code.google.com/p/yara-project/</A></P><P></P><P>Thanks,</P><P>-Paul</P></BODY></HTML> Tue, 11 Jan 2011 22:02:57 GMT https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18329#M13361 apc050 2011-01-11T22:02:57Z https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18330#M13362 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P>You would have to submit this description to support for conformation against our archives.</P><P></P><P>Regards,</P><P>Gary S. </P></BODY></HTML> Wed, 12 Jan 2011 02:50:08 GMT https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18330#M13362 gsamuels 2011-01-12T02:50:08Z https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18331#M13363 <HTML><HEAD></HEAD><BODY><P>Just curious what the outcome of this was? Has this been done? I am also interested in this too.</P></BODY></HTML> Tue, 22 Oct 2013 19:40:30 GMT https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18331#M13363 rbergen 2013-10-22T19:40:30Z https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18332#M13364 <HTML><HEAD></HEAD><BODY><P>This is interesting and yet challenging as PaloAlto Custom Vulnerability signatures use Contexts so you would need to know where you should be looking for the strings defined in the Yara definitions.&nbsp; The conditional statements within Yara offer a lot of flexibility and that would be hard to do within PA.&nbsp; Simple definitions I believe are doable, providing you know where to look in the flow (context).&nbsp; We are currently creating custom signatures but I have not tried any yara signatures because I don't know in what context I need to look.</P><P></P><P>Phil</P></BODY></HTML> Wed, 23 Oct 2013 19:09:48 GMT https://live.paloaltonetworks.com/t5/general-topics/transcribing-yara-signatures-for-pa-custom-threat-signatures/m-p/18332#M13364 HITSSEC 2013-10-23T19:09:48Z