Creating Custom Application and Threat Signatures

104543

Created On 09/25/18 18:09 PM - Last Modified 06/02/23 15:01 PM

Custom Signatures

PAN-OS

Environment

Palo Alto Networks next-generation firewall

Cause

Desired coverage not provided by current IPS signatures.

Resolution

This article provides documentation, in PDF form, related to creating custom application and custom vulnerability signatures. This documentation contains regex basics, details for each custom signature context, and walk-through examples for signature creation.

Further resources have also been provided in the 'Additional Information' section.

Additional Information

Additional Article Resources:

TIPS & TRICKS: CUSTOM VULNERABILITY
5 STEPS TO A CUSTOM THREAT SIGNATURE
CREATING CUSTOM THREAT SIGNATURES FROM SNORT SIGNATURES
CREATING A CUSTOM COMBINATION (BRUTE FORCE) SIGNATURE
HOW TO GET HELP DEVELOPING CUSTOM APP, THREAT OR DATA FILTERING SIGNATURES

Additional links with other use cases and useful information:

Custom vulnerability signature to detect FTP active mode
Custom vulnerability signature for identifying WindowsXP
List of different User-Agent strings
Testing Pattern Performance Impact

Creating Custom Application and Threat Signatures

Environment

Cause

Resolution

Additional Information

Other users also viewed: