12-10-2013 05:04 PM
As per the subject, is this possible to do?
We'd like to have specific types of files logged when it enters or leaves our network but since there is no such file type on the system, it isn't being logged.
Thanks
12-11-2013 03:21 PM
Hi Eugene,
Unfortunately, there is no way for you to create a custom file type signature. If you would like to see this feature in a future PAN-OS release, please contact your SE or Sales representative so they can accurately capture the request. In the meantime, you can use either a custom App-ID or a custom vulnerability signature for some form of detection, though as you've mentioned, these will not show in the data filtering logs.
--Doris
12-11-2013 07:24 AM
Hello eugenep,
We can create custom applications based on what file type you are looking for. The details about creating custom apps by analyzing a pattern is shared in the below document.
Thanks
12-11-2013 03:13 PM
Hi Phoenix,
Thanks for your response but I'm after a custom file type, so I can see the file itself in my data filtering logs. I don't want to change the application used to transfer the file type.
Thanks
12-11-2013 03:21 PM
Hi Eugene,
Unfortunately, there is no way for you to create a custom file type signature. If you would like to see this feature in a future PAN-OS release, please contact your SE or Sales representative so they can accurately capture the request. In the meantime, you can use either a custom App-ID or a custom vulnerability signature for some form of detection, though as you've mentioned, these will not show in the data filtering logs.
--Doris
12-11-2013 03:25 PM
Hi Doris,
Thanks for the confirmation. I am currently using a custom vulnerability signature to detect the transfer of the file and it does appear in my threat logs.
I will bring it up with my SE.
Thanks
12-11-2013 03:30 PM
Great news, Eugene!
For what it's worth, may I ask what file type you're trying to detect? Aside from requesting the ability to create a custom file type signature, you may also want to request for us to add an additional file type to our built-in signatures. The appropriate team will evaluate your request, and if they decide to add it, a new signature could be delivered via content, which is a lot faster than waiting for a PAN-OS software release. Either way, please bring this up with your SE.
--Doris
12-11-2013 03:39 PM
I want to add the ability to detect EXR files (OpenEXR - Wikipedia, the free encyclopedia). I work for a Media and Entertainment company and this one of the image file formats we use and we want to be able to detect and log this file type.
Thanks,
Eugene
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
