Custom Signatures

APPID signature for Zebra Printers showing unknown-tcp or insufficient data

I am seeing that traffic that goes to an specific vendor/model (Zebra LP 2844-z) of labeling printers is being categorized as APPid unknown-tcp or insufficient data on port 2001 TCP. I would like to know if there is a way to get this added to your AP

support NATO STANAG 4609

I am looking for the APP-ID based on the signatures  that support NATO STANAG 4609 (Motion Imagery Standards Profile)

Regex for syslog User-ID not working

Hi team,

We have the (Cisco & Ruckus) Wireless controllers forwarding SYSLOGS to the User-ID agent running on Windows 2012 server.

We want to use these syslog messages to create user-ip mappings. We tried with several different regex patterns but not

Custom data pattern

Hi Team 

I have a user who has a requirement to add a custom Data Pattern to identify a specific string 

Example: 1234/09/4578 

(Note the second identifier is a numeric value between [1-9])

I set up the data pattern under " Custom Objects --->Data Pa

Wordpress wp-login.php flood

Today we built a custom vulnerability signature to block excessive request from one IP to wp-login.php. 

 wp-login.php thread-id 42106wp-login.php thread-id 42106wp-login.php thread-id 42106wp-login.php flood threat-id 42107wp-login.php flood threat-

Signature for HULK attack?

Hi Everyone,

We are in the process of migrating from Cisco ASA firewalls on our Edge to PA 5020. Recently one of our websites was hit with a DDoS attack. After analysis, we determined that it was the HULK attack. 

I got my hands on the HULK python sc

Creating a Custom Application using a VLAN tag as the signature

All,

I am trying to create a custom application that will be used for a rule instead of having to use standard ports.  All traffic for this application is being tagged  with a 802.1Q virtual Lan , PRI: 0, CFI 0, ID: XXX.  I have tried creating a sign

How to create RegEx Custom Vulnerability Object for detection FTP injection

Hi

  I try to create Custom Object to detect FTP injection. I wrote pattern " .*(\%0d\%0a) " but it show operation fail pattern must be at least 7 bytes. How i create RegEx pattern to match "%0d%0a" in below command.

Possible To Block HTTP/1.0 Requests?

Can't seem to find a way to do it. I don't see a built-in signature, and was going to make a custom one, but the patern match context doesn't seem to cover the HTTP version for some odd reason. Maybe I'm missing something?

PAN-SA Signatures

Good day,

Seeing as security device targetted attacks a re increasing, I'd like to know if PANW releases the PAN-SA advisories as actual signatures. I can filter and analyse the CVE's disclosed for each PAN-SA, when available, but therse are general

help on Custom signature base on the return traffic

Dear Bros

     Anyone has the experience of create custom signature base on the return traffic? attached please find the PCAP file

     This is JBoss attack while custom want us to alert base on the server return traffic content pattern which means a

Custom Application Signatures

Hi

I have created custom Application id for one of my web application server hosted in Amazon cloud. but its not working. can anyone help against this.  Here with i have attached xml file for your reference.