we like to block or be alert when the file types .edrw and .easm (eDrawing) are passing the PA. Currently nothing is shown in the Monitoring Data Filtering.
Any idea how to get PAN to update file types in security profiles? Can I somehow report it to PAN?
to have these filetypes added to the file blocking known filetypes you can reach out to your Palo Alto Networks SE to have them added in a feature request for our engineering and product management team to consider.
In the meanwhile you could go ahead and build a custom signature to match attributes common to these types of files (like any strings that would appear in the file) and have them blocked by means of threat prevention
this doc should be helpful: Creating Custom Threat Signatures
I have so many policies, zones etc. For example the internet has so many of custom signatures. So how I have to detect them?
Also I like to see all data traffic in the Data Filtering Monitoring tab...
BTW: Could someone help me to create the custom signature for the both file types written in the first post?
created a custom signature, but I cannot define client2server or server2client. I like to block only uploads but PA is blocking both... could you please take a look?
both (NOT one of them) pattern of this file type should match:
Our profile (add the custom object as exception):
Thx in advance!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!