- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-03-2013 06:50 AM
Anyone know where I can find a list of available protocol decoders in the PA's? Is the "context" area of custom app/vuln sigs the only place where this is listed? If so, that's not a very easy place to extract the list from.
05-03-2013 09:08 AM
Per PM, there are no documentation and no command on the CLI to show all of the decoders that we have, but we do have a list of exposed decoders (not all) that can be used in custom signatures. If you go to Objects > Custom Signatures, you can create a new custom sig and will then have to choose the decoder and context that you want to use. There is a drop-down menu that shows this.
05-03-2013 08:02 AM
Currently, I believe there are about 190 decoders. Might need to contact Sales/PM to obtain said list if readily available for release.
05-03-2013 09:08 AM
Per PM, there are no documentation and no command on the CLI to show all of the decoders that we have, but we do have a list of exposed decoders (not all) that can be used in custom signatures. If you go to Objects > Custom Signatures, you can create a new custom sig and will then have to choose the decoder and context that you want to use. There is a drop-down menu that shows this.
05-04-2013 03:08 PM
There is a debug command to list all appid's within a PA box, could this debug command be extended to also be able to display current decoders?
05-06-2013 06:51 AM
Sounds plausible enough but would need to be submitted as an FR via Sales SE.
admin@PA-200> debug device-server dump idmgr type shared-application all
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!