Can I create a custom file type?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can I create a custom file type?

L3 Networker

As per the subject, is this possible to do?

We'd like to have specific types of files logged when it enters or leaves our network but since there is no such file type on the system, it isn't being logged.

Thanks

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi Eugene,

Unfortunately, there is no way for you to create a custom file type signature.  If you would like to see this feature in a future PAN-OS release, please contact your SE or Sales representative so they can accurately capture the request.  In the meantime, you can use either a custom App-ID or a custom vulnerability signature for some form of detection, though as you've mentioned, these will not show in the data filtering logs.

--Doris

View solution in original post

6 REPLIES 6

L4 Transporter

Hello eugenep,

We can create custom applications based on what file type you are looking for. The details about creating custom apps by analyzing a pattern is shared in the below document.

Custom Application Signatures

Thanks

Hi Phoenix,

Thanks for your response but I'm after a custom file type, so I can see the file itself in my data filtering logs.  I don't want to change the application used to transfer the file type.

Thanks

L5 Sessionator

Hi Eugene,

Unfortunately, there is no way for you to create a custom file type signature.  If you would like to see this feature in a future PAN-OS release, please contact your SE or Sales representative so they can accurately capture the request.  In the meantime, you can use either a custom App-ID or a custom vulnerability signature for some form of detection, though as you've mentioned, these will not show in the data filtering logs.

--Doris

Hi Doris,

Thanks for the confirmation.  I am currently using a custom vulnerability signature to detect the transfer of the file and it does appear in my threat logs.

I will bring it up with my SE.

Thanks

Great news, Eugene!

For what it's worth, may I ask what file type you're trying to detect?  Aside from requesting the ability to create a custom file type signature, you may also want to request for us to add an additional file type to our built-in signatures.  The appropriate team will evaluate your request, and if they decide to add it, a new signature could be delivered via content, which is a lot faster than waiting for a PAN-OS software release.  Either way, please bring this up with your SE.

--Doris

I want to add the ability to detect EXR files (OpenEXR - Wikipedia, the free encyclopedia).  I work for a Media and Entertainment company and this one of the image file formats we use and we want to be able to detect and log this file type.

Thanks,

Eugene

  • 1 accepted solution
  • 4235 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!