Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Wildfire

Hello Team,

 

We have an alert in our Splunk for Palo Alto Wildfire with threat name as "Email Link". However checking, see both user and recipients are same for the alert log and don't see any such subjected email in our Email Gateway (Proofpoint).

...

intermediate certificates

Hello everyone,

 

Is there a solution other than manually importing intermediate certificates into the Palo Alto Firewall (PAN-OS10.2.9-h1)?

Since there are weekly a few websites with this problem popping up.

 

I already know the import procedure tha

...

smledv by L0 Member
  • 668 Views
  • 1 replies
  • 0 Likes

Blocking claudebot from scanning sites

Is it possible to create a rule/application (or if there is an existing one) to block certain bots from scanning websites behind the firewall?  I see the claude application, but I'm guessing this is more for outbound requests than for blocking the bo

...

adepinto by L0 Member
  • 1510 Views
  • 1 replies
  • 0 Likes

Zoom phone custom signature thru: ssl-req-chello-sni

Hi everyone!

 

We are currently moving our phone system to zoom, and we had an issue with the zoom application, some of their traffic its categorized as an incomplete causing that some calls hang out, or don't ring, i downloaded the packet capture lo

...

R.Tudon by L1 Bithead
  • 1142 Views
  • 0 replies
  • 0 Likes

Palo Alto Threat Vault AntiVirus Signatures

Hi Community!

 

I wanted to better understand how Palo Alto ties it's detections with its Unique Threat ID to the Wildfire Virus Detections. 

 

For example, we have been receiving a steady amount of alerting for a Virus File and Palo Alto gives us th

...

Brute Force GlobalProtect Portal via GP app

I'm looking for a way to define a custom signature that can detect brute force attempts on the GlobalProtect portal that aren't based on the portal login page. I already have ID 40017 - VPN: Palo Alto Networks SSL VPN Authentication Brute Force Attem

...

alexg_8_3-1679925356788.png
alexg_8_2-1679925327162.png
alexg_8_4-1679925519836.png
alexg_8 by L1 Bithead
  • 7569 Views
  • 3 replies
  • 2 Likes

Palo Alto Reponse to CVE-2023-48795

Hi all! I am curious whether  anyone knows if Palo Alto has any made any response to CVE-2023-48795? This vulnerabilities has been out for awhile and other vendors have already provided some types of response however, I am not able to find one from P

...

We updated the dynamic antivirus database and threats, but it failed

I've been waiting for 3 days to get help !

 

 

 

My introduction is Mr. Dwi

From PT. Tabsolutions

Indonesia

This is my device

 

Device Name                      : PA-3020-PLN

Software Version              : 9.1.16

Globalprotect Agent        : 5.2.12

...

dwi by L0 Member
  • 2105 Views
  • 2 replies
  • 0 Likes

creation of custom app id

Hello everybody, i need to create custom app id in firewall for only gives access to get method while api call, but when i wrote signature i can not define the contex of the method in http request.Any help?

  • 164 Posts
  • 82 Subscriptions
Labels