DDOS, Brute force and referer header match options with custom signatures for app-id and vulnerability.

Hello to All,

I have made a post with examples in an another part of this forum but now I see that there is a seperate discussion for custom signatures, so I am posting it here. Now with version 10 as there is no 7 byte limit it is much more easier

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi

Custom objects signature - DNS query length

Hello

I am trying to create a custom object / custom spyware signature based on dns-req-section that would alert when the requested domain via dns is longer than x amount of characters.
Currently I am stuck at the pattern requirement to have 7 fixed by

Application ID for MS-Edge

Due to the constraints placed on us by management, we don't support Chrome, and early on, I created a custom app ID specifically for Chrome and was able to block it fairly effectively.  Then MS released Edge, which fouled everything up.  So all of th

Custom Snort Signature context operator not found

creating a custom snort signature on Palo alto Firewall but didn’t found the concern context operator for match pattern.

Shall we create a context operator or how it can add the pattern if the context operator is not available?

For example:

alert tcp $

vulnerability signature with payload and negate

Hello.

I'm trying to write a custom app and vulnerability signature. Signatures are based on UDP-payload.

When I use the custom app signature, vulnerability detection does not work. Can I somehow turn on CTD for the custom app?

The other problem is that

Block Pubg and Fortnite

Hi,

Is anyone tried to block PUBG and Fortnite? I tried everything its not able to, please suggest the step would be helpful.

Regards

Asif

It's possible to block custom file hash-256 in Palo alto.

control URL Filtering bypass by IP

Any way we can achieve this by creating custom signature that allows only valid http requests to URLs and not to IP addresses?

As currently Blocked domain or URL not HTTPS or protected by cloud-fare can easily get passed URL filtering block

Understandi

create a custom url/custom application matching the below string

I have a requirement, where the customer wants to allow only  the below url:

https://chrome.google.com/webstore/detail/zotero-connector/ekhagklcjbdpajgpjgmbionohlpdbjgc

Basically the above is the url for a chrome addon : zotero-connector

He wants to al

Custom AppID for NAT-T traffic

I am looking for a way to identify NAT-T traffic on an IPSEC connection and define a custom app for it. To identify the IKE control plane traffic we would be looking for a 4 zero-valued bytes pattern at IP offset 28 on UDP 4500 traffic.

It seems the

Virus/Win32.WGeneric.ajbecg(340897548) Need assistance

Hi Team,

These are the below sign identified in our network and want to know the reason for this trigger.

Please provide the related application effected?

Any additional information will be appreciated. 

Virus/Win32.WGeneric.ajbsuc(341044866)

Virus/Win32

How to stop MortiAgent Malware using the snort rule ?

I want to stop the MortiAgent malware by applying /using snort rule & also using yara rule?

How to configure this in Palo alto ?

Below are snort & Yara Rules:

1. The below SNORT rule can be used to detect the MoriAgent Beacon.
alert tcp $HOME_NET any