Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3510 Views
  • 0 replies
  • 0 Likes

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedicated security professionals as well, and we would like to provide an environment in which to fos...

rcole by L4 Transporter
  • 37676 Views
  • 4 replies
  • 4 Likes

New articles about how to create signatures without or with AI (ChatGPT/OpenAI)

Hey everyone, Here are my articles about creating Palo Alto signatures that anyone in the community could find useful: How to Write Palo Alto Networks Custom Vulnerability and Application Signatures with Examples LIVEcommunity - Rate-Limiting File Uploads with Palo Alto Networks Custom Signatures - LIVEcommunity - 1239571 LIVEcommunity -...

DNS req/res does not work with "transaction" scope

Hi all, I'm playing with the app-id custom signature to catch the DNS Rebinding. I have some experience with the custom app-ids and I do understand the difference between the "transaction" and "session" context (well, at least I thought so). The thing is... I want to base my signature based on the DNS req and res in a way they need to be "glue...

dsebalj by L1 Bithead
  • 5635 Views
  • 3 replies
  • 0 Likes

x.com website api calls classified as twitter-messaging

Starting a week or two ago one of my customers started experiencing website issues with x.com. Their current environment allows application "twitter-base" but not "twitter-messaging". It appears that with a recent content update Palo now classifies the internal x.com website api calls as "twitter-messaging" which my customer blocks causing the p...

Cisco ASA Recent CVE News

Palo Alto put out the following article on this topic, and it was very helpful: https://unit42.paloaltonetworks.com/zero-day-vulnerabilities-affect-cisco-software/ We are still curious if Palo has plans to put out IPS signatures covering CVE-2025-20362, CVE-2025-20333, or CVE-2025-20363. We have not seen any updates or mentions on the forum.

SQLMap scan from PaloAlto

Dear Palo Alto Networks Team, we have observed activity consistent with an SQLmap scan originating from IP address 130.41.202.30 against our infrastructure; please could you investigate and provide an explanation for this activity, including whether it originated from your systems or a third-party service operating under your IP range.

How to specify multiple conditions for the "test custom-signature-perf" command

Hello Team, I'm currently creating a custom signature. I'm checking performance using the following command. test custom-signature-perf context <context> pattern <pattern> https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/testing-pattern-performance-impact ...

Brute Force GlobalProtect Portal via GP app

I'm looking for a way to define a custom signature that can detect brute force attempts on the GlobalProtect portal that aren't based on the portal login page. I already have ID 40017 - VPN: Palo Alto Networks SSL VPN Authentication Brute Force Attempt - in place and working fine, however I realized that I'm seeing attacks now where someone has ...

alexg_8 by L1 Bithead
  • 14658 Views
  • 5 replies
  • 2 Likes

Custom Application - Exception for AWS

Looking for some help from smart people. Uploading and Downloading per application to/from AWS is not allowed per our InfoSec team. We have more and more cloud based web applications coming through now that are using AWS on the backend and that is blocking things. I would like to see if there's a way to build a custom application to key on ...

Article about custom Palo Alto signatures

Hello Everyone, I have made an article about making custom signatures for the community 😀 Here is the link for anyone interested: How to Write Palo Alto Networks Custom Vulnerability and Application Signatures with Examples | Palo Alto Networks

Palo Alto Response to CVE-2023-48795

Hi all! I am curious whether anyone knows if Palo Alto has made any response to CVE-2023-48795? This vulnerability has been out for a while and other vendors have already provided some type of response; however, I am not able to find one from Palo Alto. FYI, CVE-2023-48795, also known as Terrapin, is found in the SSH protocol and af...

Receiving too many alerts when a route or ISP link goes up or down.

Hello. I have a Palo Alto PA-440. We have enabled path monitoring for our ISPs, with the destination address/monitor IP set to 8.8.8.8. The ping interval is set to 3 seconds, and the ping count is 5. Additionally, we have configured and enabled system email alerts for the severity level "Critical". As soon as any of the ISPs is down or the route ...

Rehaman by L0 Member
  • 3415 Views
  • 0 replies
  • 1 Likes

Wildfire

Hello Team, We have an alert in our Splunk for Palo Alto Wildfire with threat name as "Email Link". However, on checking, I see both user and recipients are the same for the alert log and don't see any such subjected email in our Email Gateway (Proofpoint). What does it mean when I don't see any internal recipient but smtp logs are recorded within our ...

  • 175 Posts
  • 86 Subscriptions