This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Custom App-ID for XP OS?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Custom App-ID for XP OS?

scott.smith
L0 Member

‎04-28-2014 12:22 PM

Has anyone written a Custom App-ID to identify XP OS, and more specifically browser based access.  I would like to identify any XP, but realize I may only be able to see via browser headers.

Labels:
0 Likes Likes
2 REPLIES 2

DavePATS
L0 Member

‎04-28-2014 05:06 PM

Scott,

This should be workable.  The "User-Agent" header, which is part of a HTTP stream would contain this data. Looks like XP will show as the following: 'Windows XP' => '(Windows NT 5.1)|(Windows XP)',

A little testing with WireShark and some web searches should get you on your way.  If you need additional help with your custom signature please reference our DevCenter via the link below. 

DevCenter

0 Likes Likes

MarcoLeckel
L3 Networker

‎04-29-2014 02:37 AM

As said before, User-Agent in HTTP Header is the only practical way to identify XP. Be aware that the User Agent may be faked.

By the way:

May be it is better to use Custom Vulnerability instead of Custom App.

This way you can identify the "Threat" XP 😉

If you use Custom App you will overwrite the whole App-Engine

which means all http Traffic will be identified as XP instead of facebook,google,youtube ......

Custom App and Custom Vulnerability work the same way when you define your own Signatures.

Regards

Marco

(edit)

There is already a sample in Dev Forum

Custom vulnerability signature for identifying Windows XP clients

0 Likes Likes
  • 2405 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks