One of my customers wants to know whether the PAN blocks web shells or shell scripts. In my opinion, there's no IPS which can block those attacks 100%.
Threat prevention of the PA is also signature-based, which means if it detects a well-known web shell, it might block it. If not, it can't.
It's certain that a web shell is based on a web server application vulnerability or misconfiguration. So the basic method to block those attacks is secure coding or secure configuration of the web server.
But I need to tell the customer the exact information about PA's function.
Please don't mention custom signatures; there are not so many customers who can make custom signatures :smileygrin:
Thank you very much.
Palo Alto Networks can help protect a great many things. We can block file types, viruses, threats, vulnerabilities, etc.
If the shell script that is being executed is part of a known threat/vulnerability, then we should be able to detect that and stop it (if configured to do so).
Otherwise we do not block shell scripts. Unless you want to create a regex (Regular Expression) and create a custom signature... I am sorry, you told me not to say that.
For the record, here are instructions on creating Custom Signatures:
Does that help answer your question?