08-27-2025 12:37 AM
Hello Team,
I'm currently creating a custom signature.
I'm checking performance using the following command.
test custom-signature-perf context <context> pattern <pattern>
Does anyone know if it's possible to specify multiple <pattern>s with an AND condition?
Best Regards,
09-08-2025 09:40 AM
Yes you can but then all patterns will need to match. I have also made an article about custom signatures that show the "OR" pattern but the "AND" pattern can also be used:
How to Write Palo Alto Networks Custom Vulnerability and Application Signatures with Examples
If you see issues you can also make sever custom signatures each for each pattern and then make another custom signature referensing the threat id's of the previous signatures with AND condition. This could be needed if you try to match the same packet part with the different string matches like "if header Example has keyword 'maybe' " and then another "if header Example has keyword 'why' " as the processing could have moved on after the first condition to the next part of the packet.
Also always use "Qulifiers" to limit the Performance impact like HTTP methods where to trigger the match.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
