I've been trying to create a custom vulnerability and I have encountered this limitation:
Currently in Threat Database Vault 529 version there are 50 signatures for PHP.
I'm trying to add all PHP signatures and this message appears when it exceeds 17 signatures.
Is this limitation correct or is a fail?
A few days ago we suffer multiple PHP vulnerability scanning in our web servers:
The source IP 220.127.116.11 is in many blacklists.
I would like to create a custom signature for IP auto-block attacker for 1 hour, if 10 times in 10 seconds any PHP Scan Vulnerability.
Thanks and regards,
I'm not sure on the custom Vulnerabilities issue, perhaps a support case is in order? However if the IP is on many lists, have you considered Dynamic Block Lists?
Just a thought.
To address the limit of 16 patterns you just need to add another signature as shown below:
Each signature can have 16 "or" values. I have signatures that have +50 string patterns
Hope this helps.
First of all thanks for your answer Otakar.Klier.
About "Dynamic Block List" I already knew and I already had put to work this in any of our clients.
I think it is a correct answer.
But first I would like to try every option that gives the IPS Palo Alto and one of these are the "Custom Vulnerability Signature".
It is a way to demonstrate the potential of Palo Alto firewalls.
I don't understand.
I think you mean to use patterns instead of signatures.
I think it might work but what are the patterns of each firm? or where can I find them?
Note that currently in Threat Database Vault 529 version there are 50 signatures for PHP.
Thanks and regards,
The signature can have multiple sets of patterns. Each set of patterns (max 16) can be "or" conditions. The pattern string can be for specific purposes such as misuse of access to PHP related resources.
Does this add any clarity or am I missing something.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!