Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 916 Views
  • 0 replies
  • 0 Likes

PAN-SA Signatures

Good day,

 

Seeing as security device targeted attacks are increasing, I'd like to know if PANW releases the PAN-SA advisories as actual signatures. I can filter and analyse the CVEs disclosed for each PAN-SA, when available, but these are general

...

BruceL by L0 Member
  • 1778 Views
  • 0 replies
  • 0 Likes

Help on custom signature based on the return traffic

Dear Bros

 

Does anyone have experience creating a custom signature based on the return traffic? Attached please find the PCAP file

 

This is a JBoss attack, while the customer wants us to alert based on the server return traffic content pattern, which means a

...

kowu by L1 Bithead
  • 4544 Views
  • 5 replies
  • 0 Likes

Custom Application Signatures

Hi

 

I have created a custom Application ID for one of my web application servers hosted in Amazon cloud, but it's not working. Can anyone help with this? Herewith I have attached the XML file for your reference.

Ntrust by L0 Member
  • 3294 Views
  • 2 replies
  • 0 Likes

Signatures (Custom/Default) Signature

Hi Team,

 

 

Need some info on Signature.

 

My question here is: are we able to see the default signature or the customized signature with read-only access? If yes, can anybody help me out with the process?

 

Thanks in advance.

Uma.

Custom Threat Signature for unique EXE files

DISCLAIMER:

As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.

 

It is:

 

- Not recommended for deploymen

...

tboire by L3 Networker
  • 2954 Views
  • 0 replies
  • 1 Likes

Custom Signature for Email Headers

I am trying to create a custom signature with the purpose of preventing malicious/phishing/spam emails with the firewall before they hit our mail gateway. For the most part we have been successful with this technique but I am struggling with creating

...

clewis1 by L3 Networker
  • 7083 Views
  • 6 replies
  • 0 Likes

Signature for Clash of Clans game

I built the attached custom application signature for the Clash of Clans game (previously identified as unknown-tcp) based on taking multiple pcaps and finding the first 7 bytes of the first 4 data packets appear to be constant across sessions. Howev

...

david3 by L4 Transporter
  • 11180 Views
  • 3 replies
  • 1 Likes

Example Signature for WPAD.DAT Exploitation (TA16-144A)

One attack avenue for an organization that the US-CERT is currently alerting on is the abuse of Web Proxy Auto-Discovery in order to hijack traffic by directing a web browser to a proxy they own.

 

The technical details are available at: https://www.

...

rcole by L4 Transporter
  • 7240 Views
  • 0 replies
  • 1 Likes

Resolved! Signature for Jabber tcp/2748

Hi, I am trying to create a custom signature for Jabber CTI (http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/9_0_1/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90_chapter_01.html) running on port 2748.

 

...

Resolved! Signature by hostname

Hello guys,

 

We recently discovered that sometimes, randomly, a host called "Windows7" tries to mount a shared folder from our fileserver/DC. We discovered this because our SIEM correlated some events from the DC server. Sadly, this SIEM does not show us the S

...

JuanB by L1 Bithead
  • 9552 Views
  • 7 replies
  • 0 Likes

Resolved! batch input

Hi,

I was wondering if I can input multiple inputs to create a custom signature.

For example, one of our clients received a long list of files regarded as threats but not listed in Threat Vault. Because the list is long they would like a simpler method

...

  • 170 Posts
  • 85 Subscriptions