Regex for User Agent for ASA Anyconnect syslog

We have stale userID/IPaddr entries in PA from our AD servers.

We implemented regex and syslog feed for the campus ASA so solve the issue, but need it also for Anyconnect user traffic.

Found what appears to be the regex for anyconnect syslog feed.

htt

Quick Question - escaping parentheses?

So, none of the docs I can find show parentheses as a reserved character, but when I put in a regex of 'sample(_POST' it is rejected, but when I do 'sample\(POST' it is taken - in these samples the '' are not there.  

But, I'm not sure if the REXEX i

Fortnite

Is anyone successfully blocking fortnite?  I'm also looking to block PUBG Mobile

Custom APP-ID for more granular access to MS Office online components

I would like to have more granular control over access to Microsoft online resources, specifically Visual Studio tools. Access to the site currently is identified as 'ms-office365-base' but I would like to specifically identify the logon page and res

Basic Rule to Detect/Alert on OvenVas Scanners

So I'm surprised that the Palo Alto doesn't have a signature to detect OpenVAS scanners. I would like to create a simple rule that detects "User-Agent: OpenVAS" (Ultimately I would like to just block these entirely.

Is something that can be easily bu

How to create new APP ID or signature to block VPN360 App

Hi !

I was refered by TAC support to post requst here. we want to block VPN360 Apps on Iphone. It uses proxy IP to access internet bypassing URL filtering. IP is hopping and changing everytime you disconnected and reconnected App and it is standard S

Custom Signature for Dahua NVR

Hello All,

I am working on creating a custome signature for a Dahua NVR that we would like to allow remote access to.  It operates on port 37777 which has been allowed, but traffic still shows up as unknown-tcp and is subsiquently blocked.  Does anyo

Help with creating a custom App

Hi Everyone,

I have a application that is currently being detected as unknown-tcp and would love to be able to create a custom app to allow it rather than having to allow uknown-tcp.

I have attached a capture from the Firewall, i am just uncertain as t

What purpose is 'parent app' when to create custom app?

Hello,

I don't understand why 'parent app' is.

What is it used for? and When is it used?

if I choose 'facebook-base' in parent app when I create 'ABC' of custom application, the 'ABC' application is inherited the signature from 'facebook-base'?

Honestl

Customer signature to Block C & C++ Programes

Hi Team,

One of the customer is looking to block files based on data filtering and he wanted to block any text that contains C programs, he wants to block based on the keywords used in the program.

Sample Regex used by customer.

.*(.*(\#include).*((c

Email body signature

Hi all

I have a question about the possibility to create a specific custom signature to block some mail.

I need to block email that contantains:

1- specific email address(it is easy i did it)

2- email with some specific word contained in the email body(f

zenmate application

hi 

zenmate application is available in PA app but it is not blocking the traffic , 

tried using the URL based but pcap doesnt show any URL

tried to block through client hello SNI but no lcuk ....

please advise how i can block this on PA 

app name - zen

Custom Data Patterns

I am trying to create some data patterns for credit card numbers. I cannot get it to take any of my regex statements. below is one of them the error is saying its invalid. Does anyone have any good solid Credit Card Number and Social Security Number