Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Context for Custom AppID

I’m looking to create a custom AppID for our Softphones by PureCloud. In short, we are attempting to block the chat feature within the application. The application is web-browser based and encrypted, so we set up decryption for the traffic in the hope

...

rsummers by L0 Member
  • 3497 Views
  • 0 replies
  • 0 Likes

Resolved! Vulnerability Custom signature not detected

Hi,

I have configured this signature:

Operator: Pattern Match

Context: http-req-params

Pattern: WAITFOR\%20DELAY

 

When I enter, for example, http://www.mysite.com/index.php?WAITFOR%20DELAY the signature is not matched.

Can someone help me with this?

 

 

s_quasar by L3 Networker
  • 5368 Views
  • 1 replies
  • 0 Likes

KNX/IP custom APP-ID signatures

Hi,

I have created an APP-ID signature set for detecting KNX.

If you have a KNX smarthouse or industrial system this could be helpful.

I will try to implement decryption and detection of KNX in Gira S1 traffic as well in the future.

Wikipedia - KNX

best r

...

pattern match for less than 7 byte application

Hello all,

We are trying to implement the User-Agent feature that exists in the MWG proxy. In the attached Wireshark capture screenshot, the "wget" user agent has only 4 bytes. Do you have a workaround to make the signature equal to 7 bytes?

I also attached screen shot e

...

IPv4 flags as App-ID Signatures?

Hello,

Is it possible to use simple IPv4 flag info as match criteria for App-ID signatures? I'm looking for something simple such as matching source IP, destination IP and destination port. I'm not having any luck finding patterns in the data to use

...

Danimal by L0 Member
  • 4976 Views
  • 1 replies
  • 0 Likes

There is no CVE-2019-9082 signature

Hi,

Nowadays some attackers attack our web site with code injection. The perimeter firewall is Palo Alto and the separator firewall is Fortinet. This attack type, shown below, is not caught by the PA, but it is caught by the FG and so prevented.

I observed this signature

...

Blocking web content with custom data patterns

Hi all,

I'm trying to use custom data patterns to block all content related to the 'Momo' hoax. I'm having issues getting around the fact that 'momo' is smaller than 7 bytes.

Do you have any recommendations on how to use an anchor 7 bytes or longer

...

Office XML with Macros

This is a custom vulnerability signature I created based on what I was seeing come through to our users.  Usually, the malicious Office files with macros were in either the binary Office 2003 format or the newer Office 2007+ format.  What I was seein

...

Custom Antivirus Signatures

Is it possible to create custom antivirus signatures?

Goal is to block files with certain hashes. The original file is not available, only the hash.

Is there any way to submit hashes to PANW so that they create signatures? (Something similar like for U

...

Anon1 by L4 Transporter
  • 13021 Views
  • 4 replies
  • 3 Likes

Webmail Control via URL

Can Palo Alto control the sending of web mail?

I want to make it impossible to send out from the webmail.

There is a service called Naver that provides web mail like Google.

For example,

The URL for sending is as follows.

mail.naver.com/n=111113333&v=f#%

...

  • 159 Posts
  • 77 Subscriptions