Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Regarding for reason and detect contents.

What communications does this rule detect?

I want to confirm is correct an answer by user.

Answer by user: In order to split the CSV, I created and executed "extract.bat".

 

Detection Rule:

・Behavioral threat detected (rule: powershell_cradles.b)

 

s

...

Customizing Response pages

Need help in identifying a document with all the variables listed to customize response page. This customization is to inform users, the reason why the URL is blocked

Issues Creating Custom App

In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application. 

 

I created a custom signature with the Client hello

...

signature based http-req-message-body

HI all,

I'm trying to create a custom signature based on the POST payload the client is sending.

This is the POST collected from the server:

 

POST /pds HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image...

body.png

Resolved! Custom Vulnerability to Block Old Browser Versions

Would anyone know how to properly identify and block old browser versions using custom vulnerability object? I need help with the proper "pattern" to use to be able to identify the version. I know that there is the following guide:

https://knowledgeba

...

RyanViq by L0 Member
  • 5693 Views
  • 3 replies
  • 0 Likes

Block Platform by Country of Ownership

Hello everyone. I work at a public community college. Our state legislature has proposed legislation that would require us to block any video platform if the platform is owned by a company headquartered outside of the United States. I currently have

...

Vulnerabilities

Seeking help creating Policies to report, log, or restrict outdated Browsers from accessing Internet Content.  Seems like this would be integrated into the policies.  Thanks

 

Examples:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K

...

SMTP Brute Force - different source IPs

The scenario I am seeing is SMTP brute force attempts against a username, but each time the source IP address is different, I guess they are using a botnet.  Exchange will tarpit the IP for 30 seconds for the failed authentication, but it doesn't mat

...

cenders by L3 Networker
  • 4366 Views
  • 4 replies
  • 1 Likes
  • 164 Posts
  • 82 Subscriptions
Labels