Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3495 Views
  • 0 replies
  • 0 Likes

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedicated security professionals as well, and we would like to provide an environment in which to fos...

rcole by L4 Transporter
  • 37594 Views
  • 4 replies
  • 4 Likes

Signature for HULK attack?

Hi Everyone, We are in the process of migrating from Cisco ASA firewalls on our Edge to PA 5020. Recently one of our websites was hit with a DDoS attack. After analysis, we determined that it was the HULK attack. I got my hands on the HULK python script https://packetstormsecurity.com/files/112856/HULK-Http-Unbearable-Load-King.html and I'm cur...

Creating a Custom Application using a VLAN tag as the signature

All, I am trying to create a custom application that will be used for a rule instead of having to use standard ports. All traffic for this application is being tagged with an 802.1Q virtual LAN, PRI: 0, CFI 0, ID: XXX. I have tried creating a signature to trigger on this VLAN ID with no success. Every signature type I use has not worked to th...

Resolved! Detect any ELF executable

I would like to block any ELF executable, but this is not supported in file blocking. I have tried to achieve this using two methods: Create a custom data pattern. This didn't really work out, as the minimum string length is 7 bytes, but the file identifier is only four, plus it needs to be in the start of the file rather than anywhere in the file...

How to create RegEx Custom Vulnerability Object for detection FTP injection

Hi, I am trying to create a Custom Object to detect FTP injection. I wrote the pattern " .*(\%0d\%0a) " but it shows operation failed, pattern must be at least 7 bytes. How do I create a RegEx pattern to match "%0d%0a" in the command below? ftp://a%0D%0A EHLO%20a%0D%0A MAIL%20FROM%3A%3Ca%40example.org%3E%0D%0A RCPT%20TO%3A%3Calech%40alech.de%3E%0D%0A DATA%0D%0A From%3A...

Possible To Block HTTP/1.0 Requests?

Can't seem to find a way to do it. I don't see a built-in signature, and was going to make a custom one, but the pattern match context doesn't seem to cover the HTTP version for some odd reason. Maybe I'm missing something?

pwebber by L2 Linker
  • 5266 Views
  • 3 replies
  • 0 Likes

PAN-SA Signatures

Good day, Seeing as security device targeted attacks are increasing, I'd like to know if PANW releases the PAN-SA advisories as actual signatures. I can filter and analyse the CVEs disclosed for each PAN-SA, when available, but these are general signatures. Is there a way to have an actual, or custom, signature matching for attacks on the PA...

BruceL by L0 Member
  • 1950 Views
  • 0 replies
  • 0 Likes

help on Custom signature base on the return traffic

Dear Bros, does anyone have experience creating a custom signature based on the return traffic? Attached please find the PCAP file. This is a JBoss attack, and the customer wants us to alert based on the server return traffic content pattern, which means the attack was most likely successful. Attacker: 10.63.212.201 Server: 10.10.228.94

kowu by L1 Bithead
  • 5034 Views
  • 5 replies
  • 0 Likes

Custom Application Signatures

Hi, I have created a custom Application ID for one of my web application servers hosted in Amazon cloud, but it's not working. Can anyone help with this? I have attached the XML file herewith for your reference.

Ntrust by L0 Member
  • 3611 Views
  • 2 replies
  • 0 Likes

Signatures (Custom /Default ) Signature

Hi Team, Need some info on signatures. My question here is: are we able to see the default signatures or the customized signatures with read-only access? If yes, can anybody help me out with the process? Thanks in advance. Uma.

Detecting a specific Linux binary(ELF) file using a custom signature

DISCLAIMER: As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community. It is: - Not recommended for deployment in a production network of any kind without internal testing. - Not a solution to any vuln...

nsheikh by L1 Bithead
  • 11053 Views
  • 2 replies
  • 0 Likes

Custom Threat Signature for unique EXE files

DISCLAIMER: As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community. It is: - Not recommended for deployment in a production network of any kind without internal testing. - Not a solution to any vulnerabil...

tboire by L3 Networker
  • 3139 Views
  • 0 replies
  • 1 Likes

Custom Signature for Email Headers

I am trying to create a custom signature with the purpose of preventing malicious/phishing/spam emails with the firewall before it hits our mail gateway. For the most part we have been successful with this technique but I am struggling with creating a signature to essentially work as a wildcard. If anyone could take a look at my scenario and pr...

clewis1 by L3 Networker
  • 7692 Views
  • 6 replies
  • 0 Likes
  • 175 Posts
  • 86 Subscriptions