intermediate certificates

Hello everyone,

Is there a solution other than manually importing intermediate certificates into the Palo Alto Firewall (PAN-OS10.2.9-h1)?

Since there are weekly a few websites with this problem popping up.

I already know the import procedure tha

Blocking claudebot from scanning sites

Is it possible to create a rule/application (or if there is an existing one) to block certain bots from scanning websites behind the firewall?  I see the claude application, but I'm guessing this is more for outbound requests than for blocking the bo

Zoom phone custom signature thru: ssl-req-chello-sni

Hi everyone!

We are currently moving our phone system to zoom, and we had an issue with the zoom application, some of their traffic its categorized as an incomplete causing that some calls hang out, or don't ring, i downloaded the packet capture lo

Sending NFGW (Palo Alto) firewall logs to Cortex XDR.

I would like to know if it would be possible to send the logs to Cortex XDR, using Cortex XDR PRO PER ENDPOINT licensing? What would be the possible methods?

I know it is possible using Cortex Data Lake, but with Pro-GB licensing.

Palo Alto Threat Vault AntiVirus Signatures

Hi Community!

I wanted to better understand how Palo Alto ties it's detections with its Unique Threat ID to the Wildfire Virus Detections. 

For example, we have been receiving a steady amount of alerting for a Virus File and Palo Alto gives us th

Windows Update Delivery Optimization (WUDO) Custom App-ID

Just seeking a Custom App-ID for Windows Update Delivery Optimization (WUDO).

Can custom appIDs, without signatures, be applied directly to a security policy?

For this discussion, we created custom appID `myApp`, it has NO signature.

If `myApp` uses port 22, the port of another known app (SSH), then to use `myApp`, it must be applied to an App Override policy.

But what if `myApp` uses unique port 2121,

We updated the dynamic antivirus database and threats, but it failed

I've been waiting for 3 days to get help !

My introduction is Mr. Dwi

From PT. Tabsolutions

Indonesia

This is my device

Device Name                      : PA-3020-PLN

Software Version              : 9.1.16

Globalprotect Agent        : 5.2.12

creation of custom app id

Hello everybody, i need to create custom app id in firewall for only gives access to get method while api call, but when i wrote signature i can not define the contex of the method in http request.Any help?

CVE-2023-38802 Dynamic Update Signature

Hi Palo Alto Networks Team, 

I would like to request to add CVE-2023-38802 vulnerability signature to dynamic update. 

I have a few of client having concern about this signature.

Regarding for reason and detect contents.

What communications does this rule detect?

I want to confirm is correct an answer by user.

Answer by user: In order to split the CSV, I created and executed "extract.bat".

Detection Rule:

・Behavioral threat detected (rule: powershell_cradles.b)

s

Customizing Response pages

Need help in identifying a document with all the variables listed to customize response page. This customization is to inform users, the reason why the URL is blocked

Looking for help with a custom vulnerability signature to detect usage of the RC4 cipher set

I am struggling with getting a custom vulnerability signature to detect RC4 server responses.  We have created other custom signatures that are working just fine within the same test policy.  For example, checking for TLS 1.0, 1.1 etc.... I have trie

Issues Creating Custom App

In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application. 

I created a custom signature with the Client hello

signature based http-req-message-body

HI all,

I'm trying to create a custom signature based on the POST payload the client is sending.

This is the POST collected from the server: