Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.
For an introduction to the forum, please see the sticky!
Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.
The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi
...
Hi,
Nowadays some attackers attack our web site relevant code injection. Perimeter firewall is Palo Alto and seperator firewall is Fortinet. This attack type is below that's not keeping by PA but it's keeping FG so prevent.
I obsevered this signature
...
hello guyes.
what will be the right way to describe the custom application for the pcap in the attach?
the unique id is the fqdn site1.qwe.loc
HI @reaper
Palo alto is releasing content update every week and changes in default action will be changed periodically.
Recenty in Content version 8146 vulnerability 55570 Oracle WebLogic wls9-async Remote Code Execution Vulnerability action is se
...
Hi community
Does anyone already managed to block access to websites available directly with their IP? Actually with regex this would be an easy task, but I have some difficulties creating a custom application signature as there isn't the full regex
...
I created custom app for ldaps tcp/636 based on signature (ssl-rsp-certificate) which contains text from certificate
This caused https - tcp/443 (ssl based) traffic to match this new custom app.
After some investigation I realised that https context ss
nikoolayy1
on:
Frebniis Malware Hijacks Microsoft IIS Function to Deploy Backdoor
nikoolayy1
on:
Vulnerabilities
nikoolayy1
on:
SMTP Brute Force - different source IPs
nikoolayy1
on:
Has anyone done a custom APP to block recursive DNS queries?
nikoolayy1
on:
Minimal configuration for Custom Apps
nikoolayy1
on:
Custom signature for catch specific query
nikoolayy1
on:
Cortex XDR block file execution based on ico\file name
| Subject | Likes |
|---|---|
| 1 Like | |
| 1 Like |
