03-28-2020 11:58 PM
Currently it is not possible to block hashes in Palo Alto Firewall.
Mayur
03-29-2020 03:54 AM
Can we block file hashes in paloalto
03-29-2020 04:27 AM
For reference file is pasted below .
filename | md5 | sha1 | sha256 | ssdeep | note |
CuscalApplication.exe | 01d397df2a1cf1d4c8e3615b7064856c | 43a7858a0564c500e7f248762353f5b1ec3f3ef8 | d928b1c1096e636463afbd19f40a6b325e159196b4497895748c31535ea503dc | 3072:Ub9gBv06BB7AIiTYhs5UCe0lvtvxQGsRrDhuO7GXFeD1nylc/Bx4:Ubi+6LAIJhs551xFsF5S1eUYO | Lazarus/FASTCash malware, fraudulent job application campaign |
03-29-2020 05:21 AM
Unfortunately, right now there no option to block file hashes in Palo Alto. You can try by creating Custom Signature for your use case.
Mayur
03-29-2020 05:23 AM
thanks for you reply
Is any document for Customer signature to block this hash
03-29-2020 06:15 AM
Actually it is not possible to create custom Signature in PA based on file hash value. But yes there are options custom signatures based on file types patterns. Please refer below articles.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0
Hope it helps you!
Mayur
03-30-2020 10:07 AM
Hello,
Take a look at a program that blocks on these features. Maybe block it with your AV or some other app whitelisting application such as bit9.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
