Custom Signatures
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Signatures
About Custom Signatures

Welcome to the Custom Signatures discussion forum. This forum exists as a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance. Please feel free to engage with other community members and Palo Alto Networks staff. Ideas, questions, research, and observations regarding the process of custom signature creation are all actively encouraged.

For an introduction to the forum, please see the sticky!

Disclaimer:
This forum is provided for Live Community members to discuss and share information pertaining to custom signatures. Please use the information from this forum at your own risk and make sure to test and verify any signature and code presented here. For information on contacting Palo Alto Networks support, click here.

Discussions

Signatures (Custom /Default ) Signature

Hi Team,

 

 

Need some info on Signature.

 

My question here is  Can We able to see the Default Signature or the customized Signature  with the read only access. If yes then can any body help me out to know the process. 

 

Thanks in advance.

Uma.

Custom Threat Signature for unique EXE files

DISCLAIMER:

As with all custom signatures on this forum, this signature is being provided by the author as a result of enthusiasm for the product and to share ideas with the Palo Alto Networks security community.

 

It is:

 

- Not recommended for deploymen

...

CustomVuln1.png
customVuln2.png
customVuln3.png
cusomVuln4.png
tboire by L3 Networker
  • 1518 Views
  • 0 replies
  • 1 Likes

Custom Signature for Email Headers

I am trying  to create a custom signature with the purpose of preventing malicious/phishing/spam emails with the firewall before it hits our mail gateway. For the most part we have been successful with this technique but I am struggling with creating

...

pic.PNG
clewis1 by L2 Linker
  • 4049 Views
  • 6 replies
  • 0 Likes

Resolved! Singature for Jabber tcp/2748

Hi, I try to create a custom signature for Jabber CTI (http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/9_0_1/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90_chapter_01.html) running on port 2748.

 

...

Resolved! Signature by hostname

Hello guys,

 

We recently discover that sometimes, ramdonly, host called "Windows7" trays to mount a shared folder from our fileserver/DC. We discover this because our SIEM correlated some events from de DCserver. Sadly this SIEM do not show us the S

...

JuanB by L1 Bithead
  • 5532 Views
  • 7 replies
  • 0 Likes

Resolved! batch input

Hi,

i was wondering if I can input multiple inputs to create custom signature.

For example, one of our clients received a long list of files regarded as threat but not listed in threat vault. Because the list is long they would like a simpler method

...

Resolved! Case insensitive Regex expression

I am creating a regex to capture on the expression "Bank of America". I am having trouble getting case insensitivity to work so that I can capture on "Bank of America, bank of america or any other variation.  What is the format of this expression to

...

ttanzi by L2 Linker
  • 2397 Views
  • 2 replies
  • 0 Likes

Resolved! Regex Not matching when ? is in the URL.

I am trying to setup a custom application to match based on URL request which contains:

 

search=

 

This is the only consistent 7 byte string in the URL. This works fine unless the request contains a preceeding '?' in the URL. 

 

For example the foll

...

jpeters by L3 Networker
  • 3432 Views
  • 2 replies
  • 0 Likes

Resolved! RegEx - Pattern for strange string not work

Someone can help me for this pattern?

 

PATTERN:
+-----------------------------------------------------------------------+
PATTERN in Hex:
2b 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d

...

Need help with creating signature for pop3

I would need some assistance with setting up a custom signature for pop3.

 

I need to make a signature for the USER  command returning "-ERR " currently the Pan vuln signature only triggers on the Pass command in vuln id 31709. I run into a fundament

...

apike by L1 Bithead
  • 4997 Views
  • 6 replies
  • 0 Likes
Labels