Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Welcome to the Custom Signatures Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 3497 Views
  • 0 replies
  • 0 Likes

Welcome to the Palo Alto Networks Custom Signature discussion board!

The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedicated security professionals as well, and we would like to provide an environment in which to fos...

rcole by L4 Transporter
  • 37599 Views
  • 4 replies
  • 4 Likes

Webmail Control via URL

Can Palo Alto control the sending of web mail? I want to make it impossible to send out from the webmail. There is a service called Naver that provides web mail like Google. For example, the URL for sending is as follows: mail.naver.com/n=111113333&v=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D I creat...

Resolved! Threat ID for CVE-2018-8653 Internet Explorer

I'm not seeing a threat ID for the new IE vulnerability (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653#ID0EN). Has anyone been able to create a custom ID for it, or know if Palo is working on one? Thank you

Rigbyj06 by L0 Member
  • 10290 Views
  • 3 replies
  • 1 Likes

Custom signature not working as expected

Hi Guys, I have the following issue: I have a policy rule where I allow smtp flow! On this rule I have a vulnerability protection profile. In this profile I have 2 rules: - one rule which is supposed to allow emails with bb.com in the subject - the second one is the one which is denying emails from aa.com. Both rules have custom vulnerability objects: t...


Resolved! Creating a custom app signature to block by URL path

I'm hoping to get some help with a custom signature that I've created. We're trying to block users from playing flash games on facebook, but still allow them to get to everything else. For example: https://apps.facebook.com/candycrush. The URL category is social-networking and the application is facebook-apps. I've created a signature to det...


Identifying Mobile no - Data Pattern

Dear All, Please find below our requirement: 1) We would like to restrict document going out from their network which has more than 5 mobile numbers. Thus would require a regex of mobile no to be configured in Data Pattern. We configure regex -((.*09([0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]))|(.*([0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9...

Application with Custom Signature & Layer 7 Processing

Hello All, I have a Palo Alto PA-500 firewall on which I created my custom application based on custom signature. During the custom application creation, in the Characteristics section I checked the "Continue scanning for other application" flag (refer to attached file -> CustomApplication-Characteristics.png). I've configured a policy that allow...

Emanuele by L0 Member
  • 5602 Views
  • 2 replies
  • 0 Likes

To customize app-id or no

Hi, newish user to PAs, 1 year now I think. I came from Cisco - IP / port ACLs. I am trying to move to app-id, nicer easier policies. So for office traffic I use app-id; for my prod platform I use application override to custom applications, so that I can bypass any inspection. I care more about speed and latency. For example my developers use artif...

How to customize a special Cross-Site Scripting blocking signature?

How to customize a special Cross-Site Scripting blocking signature? Cross-Site Scripting: http://xxx.xxx.xxx/search~S5*cht/?searchtype=X&searcharg=1234&searchscope=5&sortdropdown=-&SORT=DZ&extended=0&SUBMIT=%E6%9F%A5%E8%A9%A2&searchlimits=%22%20oNmOuSeOvEr%3dalert(%2720180305_XSS_VUL_DETECTED%27)%20%22%EF%BB%BF&sea...

Custom signature for IMAP

Hey there! I need to create a custom application based on the LOGIN string sent to an IMAP server (Office 365) via port 993 (TLS/SSL encrypted) to differentiate it from other O365 traffic. Tech_Note-Creating_Custom_Signatures-RevE.pdf I should be able to match on the imap-req-first-param context but the fw is detecting the traffic as imap. I ha...

Let's Encrypt

Our customer is implementing Let's Encrypt (https://letsencrypt.org/) across his whole infrastructure. This way, every SSL certificate expires in 90 days. Palo Alto uses SSL certificates for VPN, Captive Portal, and other services. Is there an automatic procedure for changing these certificates? Does the Palo Alto API have support for this kin...

Custom App-ID for DNS-over-https

Hi community, as you may have noticed, DNSSEC is extremely slowly getting attention, and it does not even improve the users' privacy because the DNS requests are only signed but not encrypted. So other people and companies are searching for alternatives to secure DNS requests. One of these alternatives which could already be approved by the IETF in octob...

Remo by L7 Applicator
  • 13194 Views
  • 1 replies
  • 7 Likes

Custom Signature to Detect Weak Cipher Negotiation in Phase 1 ISAKMP Negotiation

Good Afternoon, Is it possible to create a custom threat signature or APP-ID to match various strings of data inside of the ISAKMP initial payload during the IPSec phase 1 negotiation? The first packets are sent in plaintext during the negotiation. This would be done in order to determine if a weak cipher is being used during tunnel initiatio...

ktague by L2 Linker
  • 3977 Views
  • 1 replies
  • 0 Likes

How to submit changes to existing App-ID?

Hello. We've noticed that the Webex app uses a SIP connection over port 5061. I don't see it listed in the App-ID database and I believe it should be there. Please correct me if I'm wrong. How do I submit an App-ID change request? Since it's related to Webex in general, I believe it should be done at the global level, rather than as a custom AppID. Thanks, Victor Rela...

  • 175 Posts
  • 86 Subscriptions