Signature for Clash of Clans game

I built the attached custom application signature for the Clash of Clans game (previously identified as unknown-tcp) based on taking multiple pcaps and finding the first 7 bytes of the first 4 data packets appear to be constant across sessions. Howev

Email body signature

Hi all

I have a question about the possibility to create a specific custom signature to block some mail.

I need to block email that contantains:

1- specific email address(it is easy i did it)

2- email with some specific word contained in the email body(f

zenmate application

hi 

zenmate application is available in PA app but it is not blocking the traffic , 

tried using the URL based but pcap doesnt show any URL

tried to block through client hello SNI but no lcuk ....

please advise how i can block this on PA 

app name - zen

Custom Data Patterns

I am trying to create some data patterns for credit card numbers. I cannot get it to take any of my regex statements. below is one of them the error is saying its invalid. Does anyone have any good solid Credit Card Number and Social Security Number

Custom App for SIP

As a SIP provider, looking for to create a custom signature that matches a SUBSCRIBE message from the packet payload w/ 10 or 11 digits. We first tried this w/ Data Patterns under the Custom Objects but that didn't solve/address our issues.

We then cr

SMTP Signature Help

We have been slammed with random Chinese IP addresses attemping to brute-force accounts via SMTP.  Amusingly enough, our gateway doesn't even support that feature but the amount of traffic attempting it is consuming all available ports.

I was able to

InfluxDB Application Traffic

Hi Everyone

I have a problem, in monitoring traffic, connection influxdb with port 8086 did not work. traffic status is incomplete.

I was trying setup manually application for influxdb but did not work.

Could you give me a explanation?

Block Turbo VPN 1.8.1

please advise how can i block the mentioned vpn on FW 

i have blocked all the URLS using URL filtering which was hiting the firewall showing under URL filtering after enabling alert on all catagory 

blocked unknown - tcp and unknown - udp traffic 

SSL d

Example Signature for WPAD.DAT Exploitation (TA16-144A)

One attack avenue for an organization that the US-CERT is currently alerting on is the abuse of Web Proxy Auto-Discovery in order to hijack traffic by directing a web browser to a proxy they own.

The technical details are available at: https://www.

APPID signature for Zebra Printers showing unknown-tcp or insufficient data

I am seeing that traffic that goes to an specific vendor/model (Zebra LP 2844-z) of labeling printers is being categorized as APPid unknown-tcp or insufficient data on port 2001 TCP. I would like to know if there is a way to get this added to your AP

support NATO STANAG 4609

I am looking for the APP-ID based on the signatures  that support NATO STANAG 4609 (Motion Imagery Standards Profile)

Regex for syslog User-ID not working

Hi team,

We have the (Cisco & Ruckus) Wireless controllers forwarding SYSLOGS to the User-ID agent running on Windows 2012 server.

We want to use these syslog messages to create user-ip mappings. We tried with several different regex patterns but not