https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48822#M35960 <HTML><HEAD></HEAD><BODY><P>Hello Mackwage,</P><P></P><P>It would be difficult to find exact match for snort policy because in PANW you can specifiy source IP/Port/zone, destination IP/Port/zone and application.</P><P></P><P>You may have to create custom signature for the application and than call that application in to policy.</P><P></P><P>Please provide more information on the field of snort, so I can help you with custom signature.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 25 Aug 2014 19:57:48 GMT hshah 2014-08-25T19:57:48Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48821#M35959 <HTML><HEAD></HEAD><BODY><P>I have a Snort rule for a specific network activity I wish to either block or alert on. I would like to translate this into a PAN. Would it be best to do a data field or a vulnerability?</P><P></P><P>alert tcp any any -&gt; any any (content:"|6E|"; depth: 1; content:"|36 36 36 58 36 36 36|"; offset: 3; depth: 7; msg: "Beacon C2"; sid: 1000000001; rev:0)</P></BODY></HTML> Mon, 25 Aug 2014 19:53:18 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48821#M35959 SDorsey 2014-08-25T19:53:18Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48822#M35960 <HTML><HEAD></HEAD><BODY><P>Hello Mackwage,</P><P></P><P>It would be difficult to find exact match for snort policy because in PANW you can specifiy source IP/Port/zone, destination IP/Port/zone and application.</P><P></P><P>You may have to create custom signature for the application and than call that application in to policy.</P><P></P><P>Please provide more information on the field of snort, so I can help you with custom signature.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 25 Aug 2014 19:57:48 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48822#M35960 hshah 2014-08-25T19:57:48Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48823#M35961 <HTML><HEAD></HEAD><BODY><P>The main goal is to find this traffic pattern and either alert or block. "<SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">36 36 36 58 36 36 36</SPAN>" (regardless of application or port). Does that help?</P></BODY></HTML> Mon, 25 Aug 2014 20:00:40 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48823#M35961 SDorsey 2014-08-25T20:00:40Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48824#M35962 <HTML><HEAD></HEAD><BODY><P>Hello Mackwage,</P><P></P><P>I got information, give me couple of minutes to find out solution. I think its very much doable with PANW.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 25 Aug 2014 20:01:48 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48824#M35962 hshah 2014-08-25T20:01:48Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48825#M35963 <HTML><HEAD></HEAD><BODY><P>You may refer these DOC:</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-2015">Custom Application Signatures</A></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-5534">Creating Custom Threat Signatures</A></P><P></P><P>Thanks</P></BODY></HTML> Mon, 25 Aug 2014 20:02:47 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48825#M35963 HULK 2014-08-25T20:02:47Z https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48826#M35964 <HTML><HEAD></HEAD><BODY><P>Hello MAckwage,</P><P></P><P>It should be easily doable with Object &gt; Security Profile &gt; Data Filtering.</P><P></P><P>In Data Filtering, you have leverage to specify different kind of patterns.</P><P></P><P>Please refer following document for data filtering.</P><P><A _jive_internal="true" href="/search.jspa?q=data filtering" title="https://live.paloaltonetworks.com/search.jspa?q=data+filtering">https://live.paloaltonetworks.com/search.jspa?q=data+filtering</A></P><P></P><P>Let me know if this helps.</P><P></P><P>Regards,</P><P>Hardik Shah</P></BODY></HTML> Mon, 25 Aug 2014 20:05:25 GMT https://live.paloaltonetworks.com/t5/general-topics/help-with-custom-datafield-or-vulnerability/m-p/48826#M35964 hshah 2014-08-25T20:05:25Z