"email-headers" and "smtp-email-headers" context in customer application definition

Hello,

Is there any difference between "email-headers" and "smtp-email-headers" context in the customer application definition?

I didn't find description of the "smtp-email-headers" context in "Custom Application IDs and Signatures" guide.

Maybe "email-

Letsencrypt (acme) challenge URL

I created this pattern to recognize Letsencrypt (acme-protocol) challenge.

You need to create a custom application with these fields:

• Typo: Transaction

•  

  Context: http-req-uri-path

•  

  Pattern:

That's the best I could bet.

Custom signature for catch specific query

Hello all

I'm trying to catch suspicious ldap queries (recon activity).
For the example I want catch this kind of querie : (primaryGroupID=512)

I tried to make a custom rule. However for ldap, there are only 2 possibilities:
- ldap-req-searchrequest-bas

Allow or drop traffic based on headers

Hi,
I need to allow/drop traffic based on headers.
I need a custom signature to make sure the HOST is one of:
1. abc.com (or)
2. xyz.com

AND
The XFF header is one of:
1. 1.1.1.1 (or)
2. 2.2.2.2 (or)
3. 3.3.3.3

AND
A header name "X-MyHeader" has the value: "123"

Custom Signature to detect a PDF file

DISCLAIMER:

As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.

It is:

- Not recommended fo

Limiting http methods to specific URLs

Has anyone had luck limiting http methods like PUT to limited URLs? For example, limiting a PUT to https://www.foo.com/ but not to https://www.foo.com/folder1 ? I've created a custom vulnerability that allows the http-method (http-req-header length >

DDOS, Brute force and referer header match options with custom signatures for app-id and vulnerability.

Hello to All,

I have made a post with examples in an another part of this forum but now I see that there is a seperate discussion for custom signatures, so I am posting it here. Now with version 10 as there is no 7 byte limit it is much more easier

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi

Custom objects signature - DNS query length

Hello

I am trying to create a custom object / custom spyware signature based on dns-req-section that would alert when the requested domain via dns is longer than x amount of characters.
Currently I am stuck at the pattern requirement to have 7 fixed by

Application ID for MS-Edge

Due to the constraints placed on us by management, we don't support Chrome, and early on, I created a custom app ID specifically for Chrome and was able to block it fairly effectively.  Then MS released Edge, which fouled everything up.  So all of th

Custom Snort Signature context operator not found

creating a custom snort signature on Palo alto Firewall but didn’t found the concern context operator for match pattern.

Shall we create a context operator or how it can add the pattern if the context operator is not available?

For example:

alert tcp $

vulnerability signature with payload and negate

Hello.

I'm trying to write a custom app and vulnerability signature. Signatures are based on UDP-payload.

When I use the custom app signature, vulnerability detection does not work. Can I somehow turn on CTD for the custom app?

The other problem is that

Block Pubg and Fortnite

Hi,

Is anyone tried to block PUBG and Fortnite? I tried everything its not able to, please suggest the step would be helpful.

Regards

Asif