05-09-2011 08:19 AM
I am wondering not beeing able to declare hexadecimal data in custom pattern/signatures. Perhaps i am in mistake, but i found nowhere any complete explanation of "building regex with Palo Alto systems".
For instance, i did not found the solution to declare "<" in a pattern regex ( "<" or "\<" don't work) or "Beginning of the file" (perhaps "^" ?).
greetings
Manfred
05-09-2011 09:11 AM
For hex patterns in custom sigs use "\x" at the beginning of the hex pattern, then "\x" at the end of the hex pattern. For example: .*\x42 3f 36 2b 7a 70 49 50 44 35 39 77 3d 3d 3f 3d\x. We will work on get this into the admin guide.
Alfred
05-09-2011 09:11 AM
For hex patterns in custom sigs use "\x" at the beginning of the hex pattern, then "\x" at the end of the hex pattern. For example: .*\x42 3f 36 2b 7a 70 49 50 44 35 39 77 3d 3d 3f 3d\x. We will work on get this into the admin guide.
Alfred
05-10-2011 03:46 AM
Hi Alfred,
do you know the method to declare "Beginning of file" ? Am i right to guess, that "\x41 6c 66 72 65 64\x" without ".*" is "Alfred" at the very beginning?
mfg
Manfred
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
