The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi
...
With the rise in popularity of the new Pokemon GO app, has anyone had the opportunity to build a signature or possibly even gather a pcap of the traffic that could be shared (the site is not allowing signups right now so I am unable to produce my own
...
I am seeing that traffic that goes to an specific vendor/model (Zebra LP 2844-z) of labeling printers is being categorized as APPid unknown-tcp or insufficient data on port 2001 TCP. I would like to know if there is a way to get this added to your AP
...
I am looking for the APP-ID based on the signatures that support NATO STANAG 4609 (Motion Imagery Standards Profile)
Hi team,
We have the (Cisco & Ruckus) Wireless controllers forwarding SYSLOGS to the User-ID agent running on Windows 2012 server.
We want to use these syslog messages to create user-ip mappings. We tried with several different regex patterns but not
...
Hi Team
I have a user who has a requirement to add a custom Data Pattern to identify a specific string
Example: 1234/09/4578
(Note the second identifier is a numeric value between [1-9])
I set up the data pattern under " Custom Objects --->Data Pa
...
I'm looking to submit a FQDN block where I don't ever block the IP.
I've reviewed this article on blocking FQDN's but can't seem to figure out how to ignore the IP. We assign fake ip addresses to known malicius sites, and need the HTTP, HTTPS, SSH, e
...
Today we built a custom vulnerability signature to block excessive request from one IP to wp-login.php.
wp-login.php thread-id 42106wp-login.php thread-id 42106wp-login.php thread-id 42106wp-login.php flood threat-id 42107wp-login.php flood threat-
...
Hi Everyone,
We are in the process of migrating from Cisco ASA firewalls on our Edge to PA 5020. Recently one of our websites was hit with a DDoS attack. After analysis, we determined that it was the HULK attack.
I got my hands on the HULK python sc
...
All,
I am trying to create a custom application that will be used for a rule instead of having to use standard ports. All traffic for this application is being tagged with a 802.1Q virtual Lan , PRI: 0, CFI 0, ID: XXX. I have tried creating a sign
...
I would like to block any ELF executable, but this is not support in file blocking. I have tried to achieve this using two methods:
Create a custom data pattern. This didn't really work out, as the minimum string length is 7 bytes, but the file ident
...
Hi
I try to create Custom Object to detect FTP injection. I wrote pattern " .*(\%0d\%0a) " but it show operation fail pattern must be at least 7 bytes. How i create RegEx pattern to match "%0d%0a" in below command.
Can't seem to find a way to do it. I don't see a built-in signature, and was going to make a custom one, but the patern match context doesn't seem to cover the HTTP version for some odd reason. Maybe I'm missing something?
Good day,
Seeing as security device targetted attacks a re increasing, I'd like to know if PANW releases the PAN-SA advisories as actual signatures. I can filter and analyse the CVE's disclosed for each PAN-SA, when available, but therse are general
...
Dear Bros
Anyone has the experience of create custom signature base on the return traffic? attached please find the PCAP file
This is JBoss attack while custom want us to alert base on the server return traffic content pattern which means a
...
Hi
I have created custom Application id for one of my web application server hosted in Amazon cloud. but its not working. can anyone help against this. Here with i have attached xml file for your reference.
on:
Custom signature for catch specific query
on:
Cortex XDR block file execution based on ico\file name
on:
Allow or drop traffic based on headers
on:
Letsencrypt (acme) challenge URL
