Create Custom Application with pattern for XMPP (Jabber)

Could anyone help me to build a custom application with a pattern.

Application: Jabber

Port: TCP/5222

I want to use this URL as a pattern xyz.ab.example.com.

I have followed some kb and created a custom app but the app did not match in the security po

re: 01339413

Hi Team 

One of my Customer has configured a custom signature to block the windows 7 machine based on Http request headers. This signature is working but hitting a lot of false positives as well. For example, he can see that window 8 and windows 10 a

Safari Montage YouTube

We have a school system that is want to utilize Safari Montage to filter video that an administrator whitelisted. These whitelisted video adds a referrer (somesite.someschool.org) to the http request that will go to that specific video hosted at YouT

Context for Custom AppID

I’m looking to create a custom AppID for our Softphones by PureCloud. In short, we are attempting to block the chat feature within the application. The application is web-browser based and encrypted, so we setup decryption for the traffic in the hope

KNX/IP custom APP-ID signatures

Hi,

I have created a APP-ID signature set for detecting KNX.

If you have a KNX smarthouse or industrial system this could be helpful.

I will try to implement decrypt and detection of KNX in Gira S1 traffic as well in the future.

Wikipedia - KNX

best r

Custom Threat is being identified, but not taking the correct action.

We have a custom vulnerability for Datanyze Scraping that is being idenfied but only alerting.  This signature looks for http-req-headers and dns-req-headers for the value of Datanyze.  This is working great, I can see the traffic in the threat log s

pattern match for less than 7 byte application

Hello all,

we are trying to implement user-Agent feature that's exist in MWG proxy. on attched wireshark capture screen shot "wget" user agent has only 4 bytes. do you have work around to make signature equal to 7 bytes. 

I also attached screen shot e

IPv4 flags as App-ID Signatures?

Hello,

 Is it possible to use simple IPv4 flag info as match criteria for App-ID signatures? I'm looking for something simple such as matching source IP, destination IP and destination port. I'm not having any luck finding patterns in the data to use

There is no CVE-2019-9082 signature

Hi,

Nowadays some attackers attack our web site relevant code injection. Perimeter firewall is Palo Alto and seperator firewall is Fortinet. This attack type is below that's not keeping by PA but it's keeping FG so prevent.

I obsevered this signature

custom web ssl based application

hello guyes.

what will be the right way to describe the custom application for the pcap in the attach?

the unique id is the fqdn site1.qwe.loc

how to get vulnerability signature pattern

HI @reaper 

Palo alto is releasing content update every week and changes in default action will be changed periodically.

Recenty in Content version 8146 vulnerability 55570  Oracle WebLogic wls9-async Remote Code Execution Vulnerability  action is se

Block access to websites available over their IP (and not a FQDN)

Hi community

Does anyone already managed to block access to websites available directly with their IP? Actually with regex this would be an easy task, but I have some difficulties creating a custom application signature as there isn't the full regex