Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3495 Views
  • 0 replies
  • 0 Likes

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedicated security professionals as well, and we would like to provide an environment in which to fos...

rcole by L4 Transporter
  • 37582 Views
  • 4 replies
  • 4 Likes

Custom App-ID with just source and destination ip address

Hi, I have some traffic on a tap interface that I would like to create an APP-ID to identify it in the monitor logs. This is a separate network with its own custom application and functions. I have done some pcaps and can't see distinct data that relate to the context values in the custom App-ID form. Is there a list of what the context values a...

ConorMc by L1 Bithead
  • 7218 Views
  • 4 replies
  • 0 Likes

intermediate certificates

Hello everyone, Is there a solution other than manually importing intermediate certificates into the Palo Alto Firewall (PAN-OS10.2.9-h1)? Since there are weekly a few websites with this problem popping up. I already know the import procedure that is described in the knowledge base. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail...

smledv by L1 Bithead
  • 4092 Views
  • 1 replies
  • 0 Likes

Blocking claudebot from scanning sites

Is it possible to create a rule/application (or if there is an existing one) to block certain bots from scanning websites behind the firewall? I see the claude application, but I'm guessing this is more for outbound requests than for blocking the bot. thanks!

adepinto by L0 Member
  • 5170 Views
  • 1 replies
  • 0 Likes

Zoom phone custom signature thru: ssl-req-chello-sni

Hi everyone! We are currently moving our phone system to Zoom, and we had an issue with the Zoom application: some of their traffic is categorized as incomplete, causing some calls to hang out or not ring. I downloaded the packet capture log and I saw packets from Zoom dropping. I made an application, using the signature ssl-req-chell...

R.Tudon by L1 Bithead
  • 2568 Views
  • 0 replies
  • 0 Likes

Palo Alto Threat Vault AntiVirus Signatures

Hi Community! I wanted to better understand how Palo Alto ties its detections with its Unique Threat ID to the Wildfire Virus Detections. For example, we have been receiving a steady amount of alerting for a Virus File and Palo Alto gives us the file name. If I search for the Unique Threat ID, I can see SHA-256's that Palo ties to it. S...

Can custom appIDs, without signatures, be applied directly to a security policy?

For this discussion, we created custom appID `myApp`, it has NO signature. If `myApp` uses port 22, the port of another known app (SSH), then to use `myApp`, it must be applied to an App Override policy. But what if `myApp` uses unique port 2121, can then `myApp` be applied directly to a security policy or does it still need to be added to a...

rolinger by L2 Linker
  • 2235 Views
  • 0 replies
  • 0 Likes

creation of custom app id

Hello everybody, I need to create a custom app id in the firewall that only gives access to the GET method during API calls, but when I wrote the signature I could not define the context of the method in the HTTP request. Any help?

Regarding for reason and detect contents.

What communications does this rule detect? I want to confirm whether an answer by a user is correct. Answer by user: In order to split the CSV, I created and executed "extract.bat". Detection Rule: ・Behavioral threat detected (rule: powershell_cradles.b) solution: Cortex XDR

Customizing Response pages

Need help in identifying a document with all the variables listed to customize the response page. This customization is to inform users of the reason why the URL is blocked.

Looking for help with a custom vulnerability signature to detect usage of the RC4 cipher set

I am struggling with getting a custom vulnerability signature to detect RC4 server responses. We have created other custom signatures that are working just fine within the same test policy. For example, checking for TLS 1.0, 1.1 etc.... I have tried a number of different pattern matches against the ssl-rsp-server-hello context without success....

  • 175 Posts
  • 86 Subscriptions