CVE-2023-38802 Dynamic Update Signature

Hi Palo Alto Networks Team, 

I would like to request to add CVE-2023-38802 vulnerability signature to dynamic update. 

I have a few of client having concern about this signature.

Regarding for reason and detect contents.

What communications does this rule detect?

I want to confirm is correct an answer by user.

Answer by user: In order to split the CSV, I created and executed "extract.bat".

Detection Rule:

・Behavioral threat detected (rule: powershell_cradles.b)

s

Customizing Response pages

Need help in identifying a document with all the variables listed to customize response page. This customization is to inform users, the reason why the URL is blocked

Looking for help with a custom vulnerability signature to detect usage of the RC4 cipher set

I am struggling with getting a custom vulnerability signature to detect RC4 server responses.  We have created other custom signatures that are working just fine within the same test policy.  For example, checking for TLS 1.0, 1.1 etc.... I have trie

Issues Creating Custom App

In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application. 

I created a custom signature with the Client hello

signature based http-req-message-body

HI all,

I'm trying to create a custom signature based on the POST payload the client is sending.

This is the POST collected from the server:

.

.

Frebniis Malware Hijacks Microsoft IIS Function to Deploy Backdoor

https://www.securityweek.com/frebniis-malware-hijacks-microsoft-iis-function-to-deploy-backdoor/

Any signatures available?

Advice on blocking the 'EXTENSION PACKS for Oracle Virtual Box

Oracle's Virtual Box is free and available to use under the GPL v2 license terms.

They have Extension Pack which is not free and can invoke a software audit if found. 

We are looking to see if anyone has an application snippet to prevent download of

Block Platform by Country of Ownership

Hello everyone. I work at a public community college. Our state legislature has proposed legislation that would require us to block any video platform if the platform is owned by a company headquartered outside of the United States. I currently have

Vulnerabilities

Seeking help creating Policies to report, log, or restrict outdated Browsers from accessing Internet Content.  Seems like this would be integrated into the policies.  Thanks

Examples:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K

Has anyone done a custom APP to block recursive DNS queries?

 I've built two signatures for DNS.  One to indicate recursive lookup and not recursive lookup.   When I test,  the app that is evaluated first is triggered.  reverse the order and the formerly 2nd app triggers.   It is like the expressions are not e

SMTP Brute Force - different source IPs

The scenario I am seeing is SMTP brute force attempts against a username, but each time the source IP address is different, I guess they are using a botnet.  Exchange will tarpit the IP for 30 seconds for the failed authentication, but it doesn't mat

How to change company field in Paloalto networks

How to change the company name field in the profile