Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

vulnerability signature with payload and negate

Hello.

I'm trying to write a custom app and vulnerability signature. Signatures are based on UDP-payload.

When I use the custom app signature, vulnerability detection does not work. Can I somehow turn on CTD for the custom app?

The other problem is that

...

Block Pubg and Fortnite

Hi,

Has anyone tried to block PUBG and Fortnite? I tried everything; it's not able to. Please suggest the steps, that would be helpful.

Regards

Asif

Asifk by L0 Member
  • 2688 Views
  • 0 replies
  • 0 Likes

control URL Filtering bypass by IP

Any way we can achieve this by creating custom signature that allows only valid http requests to URLs and not to IP addresses?

As currently a blocked domain or URL not HTTPS or protected by Cloudflare can easily get past the URL filtering block

Understandi

...

pshah1 by L1 Bithead
  • 4398 Views
  • 1 replies
  • 0 Likes

Custom AppID for NAT-T traffic

I am looking for a way to identify NAT-T traffic on an IPSEC connection and define a custom app for it. To identify the IKE control plane traffic we would be looking for a 4 zero-valued bytes pattern at IP offset 28 on UDP 4500 traffic.

It seems the

...


Resolved! Custom Signature to allow LDAPS as SSL port 636

Hello Everyone,

Has anyone created a custom signature to create a custom APP-ID to allow SSL over port 636? I have read that decryption needs to be implemented for the Palo to identify the traffic to the right application but if decryption can not be

...

palmanza by L0 Member
  • 13399 Views
  • 2 replies
  • 0 Likes

re: 01339413

Hi Team

One of my customers has configured a custom signature to block the Windows 7 machine based on HTTP request headers. This signature is working but hitting a lot of false positives as well. For example, he can see that Windows 8 and Windows 10 a

...

alal by L2 Linker
  • 4304 Views
  • 1 replies
  • 0 Likes

Safari Montage YouTube

We have a school system that wants to utilize Safari Montage to filter video that an administrator whitelisted. These whitelisted videos add a referrer (somesite.someschool.org) to the HTTP request that will go to that specific video hosted at YouT

...

MCabe by L0 Member
  • 3284 Views
  • 0 replies
  • 0 Likes
  • 159 Posts
  • 77 Subscriptions