- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-07-2019 03:13 PM
I’m looking to create a custom AppID for our Softphones by PureCloud. In short, we are attempting to block the chat feature within the application. The application is web-browser based and encrypted, so we setup decryption for the traffic in the hopes we could enforce security policies on the decrypted traffic.
The decryption is working fine and I’ve been able to get some basic AppID’s created to recognize the traffic based on the FQDN. My goal is to create a custom AppID that goes deeper into the packet and matches on a pattern. So far, I’ve been unsuccessful. I’ve validated the parent app is “websocket” but have not been able to hit on a pattern match. I believe the issue I’m having is with the Context choice.
I opened a PAN support case and worked with a tech who was helpful but limited in support he could provide (best effort only.) I’ve searched through the Live Community Discussions related to AppID’s and didn’t hit on anything helpful so far. I’ve read pretty much anything and everything I could find online and in PAN’s knowledge base articles but have not found a solution.
I setup a decryption mirror port and captured some PureCloud traffic. I can provide a packet capture of the decrypted traffic for a short chat conversation. I was hoping someone could help me figure out the right Context to match patterns against or an alternative approach. Any help you could extend to me would be greatly appreciated.
I found both of these resources very helpful. I list them for others who might benefit from them.
Video - How To Configure A Custom App-Id
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmGCAS
PDF - Creating Custom Application And Threat Signatures
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0
Regards,
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!