Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.
For an introduction to the forum, please see the sticky!
Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.
The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi
...
I would like to have more granular control over access to Microsoft online resources, specifically Visual Studio tools. Access to the site currently is identified as 'ms-office365-base' but I would like to specifically identify the logon page and res
...
So I'm surprised that the Palo Alto doesn't have a signature to detect OpenVAS scanners. I would like to create a simple rule that detects "User-Agent: OpenVAS" (Ultimately I would like to just block these entirely.
Is something that can be easily bu
...
Is it possible to use the API to create a custom threat or vulnerability signature ? Plenty of examples showing how to do this using the WebUI, but customer is looking for automated ability.
thanks, michael
Hi !
I was refered by TAC support to post requst here. we want to block VPN360 Apps on Iphone. It uses proxy IP to access internet bypassing URL filtering. IP is hopping and changing everytime you disconnected and reconnected App and it is standard S
...
nikoolayy1
on:
Frebniis Malware Hijacks Microsoft IIS Function to Deploy Backdoor
nikoolayy1
on:
Vulnerabilities
nikoolayy1
on:
SMTP Brute Force - different source IPs
nikoolayy1
on:
Has anyone done a custom APP to block recursive DNS queries?
nikoolayy1
on:
Minimal configuration for Custom Apps
nikoolayy1
on:
Custom signature for catch specific query
| Subject | Likes |
|---|---|
| 1 Like | |
| 1 Like | |
| 1 Like |
