Custom Signature to Detect Weak Cipher Negotiation in Phase 1 ISAKMP Negotiation

Good Afternoon,

    Is it possible to create a custom threat signature or APP-ID to match various strings of data inside of the ISAKMP initial payload during the IPSec phase 1 negotiation. The first packets are sent in plaintext during the negotiation

How to submit changes to existing Add-id?

Hello.

We're noticed that webex app uses SIP connection over port 5061. I don't see it's listed in App-ID database and I believe it should be there. Please correct me if I'm wrong.

How do I submit App-ID change request? Since it's related to webex in

A few questions about signatures and custom apps

So I've had some issues with the most recent custom app I'm attempting to make.  Our server team is implementing Papercut on campus and there doesn't seem to be a pre-built app for it.  I submitted a request for it but figured I'd try to take a crack

Office 365 Vulnerability of HTML “baseStriker attack” and Mitigation by PAN Firewall

Hi Team,

recently there is one vulnerability found in office 365 vulnerability has been identified in Microsoft Office 365, a remote user can exploit this vulnerability to trigger Security Restriction Bypass on the targeted system.

Is there any way to

Regex for User Agent for ASA Anyconnect syslog

We have stale userID/IPaddr entries in PA from our AD servers.

We implemented regex and syslog feed for the campus ASA so solve the issue, but need it also for Anyconnect user traffic.

Found what appears to be the regex for anyconnect syslog feed.

htt

Quick Question - escaping parentheses?

So, none of the docs I can find show parentheses as a reserved character, but when I put in a regex of 'sample(_POST' it is rejected, but when I do 'sample\(POST' it is taken - in these samples the '' are not there.  

But, I'm not sure if the REXEX i

Fortnite

Is anyone successfully blocking fortnite?  I'm also looking to block PUBG Mobile

Custom APP-ID for more granular access to MS Office online components

I would like to have more granular control over access to Microsoft online resources, specifically Visual Studio tools. Access to the site currently is identified as 'ms-office365-base' but I would like to specifically identify the logon page and res

Basic Rule to Detect/Alert on OvenVas Scanners

So I'm surprised that the Palo Alto doesn't have a signature to detect OpenVAS scanners. I would like to create a simple rule that detects "User-Agent: OpenVAS" (Ultimately I would like to just block these entirely.

Is something that can be easily bu

How to create new APP ID or signature to block VPN360 App

Hi !

I was refered by TAC support to post requst here. we want to block VPN360 Apps on Iphone. It uses proxy IP to access internet bypassing URL filtering. IP is hopping and changing everytime you disconnected and reconnected App and it is standard S

Custom Signature for Dahua NVR

Hello All,

I am working on creating a custome signature for a Dahua NVR that we would like to allow remote access to.  It operates on port 37777 which has been allowed, but traffic still shows up as unknown-tcp and is subsiquently blocked.  Does anyo

Help with creating a custom App

Hi Everyone,

I have a application that is currently being detected as unknown-tcp and would love to be able to create a custom app to allow it rather than having to allow uknown-tcp.

I have attached a capture from the Firewall, i am just uncertain as t

What purpose is 'parent app' when to create custom app?

Hello,

I don't understand why 'parent app' is.

What is it used for? and When is it used?

if I choose 'facebook-base' in parent app when I create 'ABC' of custom application, the 'ABC' application is inherited the signature from 'facebook-base'?

Honestl