Certain signatures have a copyable version that anyone can use as a starting point. Go to Evident Monitoring Web UI -> Control Panel -> Signatures, open the search box, and filter by "Copyable" to get a list of copyable signatures. Any signature that is copyable will have a "Copy & Customize" option on it.
Important: Please be aware that while copyable versions have been designed to replicate the functionality of our built-in signatures, they are not copies of the actual code running on our backend and as such are not guaranteed to behave in exactly the same way as the built-in signatures.
Palo Alto Networks has a public GitHub repository that contains numerous custom signatures written over the years. Note that the custom signatures in this repository are not necessarily maintained. It is possible that older examples will no longer function as intended.
The Evident Monitoring Docs contain steps for creating custom signatures, along with some example code.