Custom Signatures
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Forum Posts

control URL Filtering bypass by IP

Any way we can achieve this by creating custom signature that allows only valid http requests to URLs and not to IP addresses? As currently Blocked domain or URL not HTTPS or protected by Cloudflare can easily get past URL filtering block Understandi...

pshah1 by L1 Bithead
  • 1 replies

Custom AppID for NAT-T traffic

I am looking for a way to identify NAT-T traffic on an IPSEC connection and define a custom app for it. To identify the IKE control plane traffic we would be looking for a 4 zero-valued bytes pattern at IP offset 28 on UDP 4500 traffic. It seems the ...

Allow iOS Ring doorbell

Hello, I'm looking for a proper way to allow the iOS Ring app to connect back to the video feed from an iOS device. Android phones work with no issue. The problem is that it reports the web URL category as "unknown" which I am currently blocking. I wro...

Resolved! Custom Signature to allow LDAPS as SSL port 636

Hello Everyone, Has anyone created a custom signature to create a custom APP-ID to allow SSL over port 636? I have read that decryption needs to be implemented for the Palo to identify the traffic to the right application but if decryption can not be...

palmanza by L0 Member
  • 2 replies

re: 01339413

Hi Team, one of my customers has configured a custom signature to block the Windows 7 machine based on HTTP request headers. This signature is working but hitting a lot of false positives as well. For example, he can see that Windows 8 and Windows 10 al...

alal by L2 Linker
  • 1 replies

Safari Montage YouTube

We have a school system that wants to utilize Safari Montage to filter video that an administrator whitelisted. These whitelisted video adds a referrer ( to the http request that will go to that specific video hosted at YouT...

MCabe by L0 Member
  • 0 replies

Convert ScreenOS Multicast static route to PaloAlto

Hi all, I'm finally converting an old Juniper ScreenOS firewall to a PaloAlto firewall (5020). I have some problems understanding how to convert some Multicast static Routes. On ScreenOS I have this specific entry for ex: GUI: Type: Static, ForwardingSo...

Context for Custom AppID

I’m looking to create a custom AppID for our Softphones by PureCloud. In short, we are attempting to block the chat feature within the application. The application is web-browser based and encrypted, so we set up decryption for the traffic in the hope...

rsummers by L0 Member
  • 0 replies

Resolved! Vulnerability Custom signature not detected

Hi, I have configured this signature: Operator: Pattern Match; Context: http-req-params; Pattern: WAITFOR\%20DELAY. When I digit for example the signature is not matched. Can someone help me about this?

s_quasar by L3 Networker
  • 1 replies