Hello to all,
I am trying to find a way for Palo Alto to recognize some how *.txt files so I can be alert when it pass my Firewall.
Any ideas how I can make this happen?
I have search on the extension list but the .txt is not included some where.
file blocking does not contain .txt files as there is no reliable way to identify these besides relying only on the file extention which can too easily be changed. a workaround would be to create a custom threat (or custom app) that identifies when a .txt extention is included in the payload of a session
you'll need to be a bit creative (packetcaptures of the intended traffic flow where you'd want to block exe could be helpful here) as you'll need to have at least a 7bytes continuous string in a regex signature
foo.*bar.*foobarfoo (invalid) (contains 2 fixed strings less than 7 bytes devided by a wildcard)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!