Custom Signatures

Palo Alto Reponse to CVE-2023-48795

Hi all! I am curious whether  anyone knows if Palo Alto has any made any response to CVE-2023-48795? This vulnerabilities has been out for awhile and other vendors have already provided some types of response however, I am not able to find one from P

Custom Application - Exception for AWS

Looking for some help from smart people. 

Uploading and Downloading per application to/from AWS is not allowed per our InfoSec team.  We have more and more cloud based web applications coming through now that are using AWS on the backend and that i

Have you tried using Chatgpt to help you with signature regex?

I am not asking a question but giving an advice to the community that AI helps with regex expressions 

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

Estoy en Chile, sin acceso a VPN GLOBAL Protect

Hoy am, el VPN Global Protect empezo a actualizarse, y luego desapareció del escritorio y barra de tareas. Chile Bio bio.

Como se soluciona esto? que otra alternativa tenemos para conectarnos si estamos con teletrabajo

Receiving too many alerts when a route or ISP link goes up or down.

Hello.

I have a Palo Alto PA-440

We have enabled path monitoring for our ISPs, with the destination address/monitor IP set to 8.8.8.8. The ping interval is set to 3 seconds, and the ping count is 5.

Additionally, we have configured and enabled system

Wildfire

Hello Team,

We have an alert in our Splunk for Palo Alto Wildfire with threat name as "Email Link". However checking, see both user and recipients are same for the alert log and don't see any such subjected email in our Email Gateway (Proofpoint).

Custom App-ID with just source and destination ip address

Hi,

I have some traffic on a tap interface that I would like to create an APP-ID to identify it in the monitor logs. This a seperate network with its own custom application and functions. I have done some pcap's and can't see distinct data that rel

App-ID through SSL Client Hello

Dear All,

i have gone through packet capture to create an App-ID for the the bellow traffic :

I don't get the respective traffic translated though.

Any thoughts why?

intermediate certificates

Hello everyone,

Is there a solution other than manually importing intermediate certificates into the Palo Alto Firewall (PAN-OS10.2.9-h1)?

Since there are weekly a few websites with this problem popping up.

I already know the import procedure tha

Blocking claudebot from scanning sites

Is it possible to create a rule/application (or if there is an existing one) to block certain bots from scanning websites behind the firewall?  I see the claude application, but I'm guessing this is more for outbound requests than for blocking the bo

Zoom phone custom signature thru: ssl-req-chello-sni

Hi everyone!

We are currently moving our phone system to zoom, and we had an issue with the zoom application, some of their traffic its categorized as an incomplete causing that some calls hang out, or don't ring, i downloaded the packet capture lo

Sending NFGW (Palo Alto) firewall logs to Cortex XDR.

I would like to know if it would be possible to send the logs to Cortex XDR, using Cortex XDR PRO PER ENDPOINT licensing? What would be the possible methods?

I know it is possible using Cortex Data Lake, but with Pro-GB licensing.

Palo Alto Threat Vault AntiVirus Signatures

Hi Community!

I wanted to better understand how Palo Alto ties it's detections with its Unique Threat ID to the Wildfire Virus Detections. 

For example, we have been receiving a steady amount of alerting for a Virus File and Palo Alto gives us th

Windows Update Delivery Optimization (WUDO) Custom App-ID

Just seeking a Custom App-ID for Windows Update Delivery Optimization (WUDO).