Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

InfluxDB Application Traffic

Hi Everyone

I have a problem: in monitoring traffic, the connection to InfluxDB on port 8086 did not work. The traffic status is incomplete.

I was trying to manually set up an application for InfluxDB, but it did not work.

Could you give me an explanation?

Block Turbo VPN 1.8.1

Please advise how I can block the mentioned VPN on the FW.

I have blocked all the URLs using URL filtering which were hitting the firewall, showing under URL filtering after enabling alert on all categories.

Blocked unknown-tcp and unknown-udp traffic.

SSL d

...

Rameshwar by L3 Networker
  • 1709 Views
  • 0 replies
  • 0 Likes

Example Signature for WPAD.DAT Exploitation (TA16-144A)

One attack avenue for an organization that the US-CERT is currently alerting on is the abuse of Web Proxy Auto-Discovery in order to hijack traffic by directing a web browser to a proxy they own.

The technical details are available at: https://www.

...

rcole by L4 Transporter
  • 5052 Views
  • 1 replies
  • 1 Likes

Resolved! Custom Signature Help

Hi,

I'm attempting to create an application signature to detect Amazon AWS backups. I captured SSL client hello packets to get the below hex for the pattern match, but the signature is not firing.

Packet,

Hex value,

/x 3531333438623763302d64643237

...

phi1771 by L1 Bithead
  • 2518 Views
  • 2 replies
  • 0 Likes

Resolved! Pokemon GO

With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own

...

aelmore by L0 Member
  • 4755 Views
  • 4 replies
  • 0 Likes