Need assistance creating a custom application


L1 Bithead

I have a warehouse management system, and I need to identify the traffic from the WMS client.

Here is a section of the tcp stream from a packet capture:

V103^46^^~0~~0~~-1^=^002050^get encryption information

V103^45^45736^0^0^^1^1^s^~name~4~4~name~name~^S4^none

V104^73^2^^^66^^^~0~~0~~-1^=^002306^list comp versions where base_prog_id = 'Dlx'

I found a pattern unique to the client that is presented at login. So, I created a custom app and set the signature to look for the following pattern: .*(list comp versions where base_prog_id = 'Dlx') , which I applied to the 'Session' scope. This signature successfully matches the client logins. Unfortunately, once logged in, additional new connections initiated from the client are identified as 'unknown tcp', presumably because they do not contain the login pattern.

Unfortunately, there does not appear to be anything consistent that I can create a single pattern for to identify every piece of data sent. I would have thought that finding a match at login and identifying the traffic to the 'session' once would be sufficient. I opened a case with support a week ago, but they are not going to help. Any ideas or suggestions?

Thanks!

3 REPLIES 3

L6 Presenter

Your SE (Sales Engineer) should be able to help you with this.

What did the support say regarding not helping you with creating this custom app?

Otherwise there is a URL to send in new app requests.

Edit: http://www.paloaltonetworks.com/researchcenter/tools/ and click on "Submit an App".

These are direct quotes from the case that is currently open with support (though in the 'Pending Close' status, since they have technically suggested a resolution of getting the app added through an SE)


"

Unfortunately us on the support side aren't able to help very much with app creation and pattern matching. It seems like you have a good understanding of how to create the app and do basic pattern matching.

You do have a couple of options:

1. You can contact your Sales Engineer and have him submit a request for the application.

2. You can also submit the application for creation"

and

"I'm sorry there isn't more I can do from the support side. Due to liability issues we are unable to help in the pattern matching and creation of the app. Besides the two alternative options I sent earlier, speaking with SE, or submitting the app on our site, you can also go to the following link:

https://live.paloaltonetworks.com/community/devcenter

This is a forum where you can post your problem and questions. Many Palo Alto project managers monitor this forum, so this could be another way for you to get help in the app's creation and pattern matching."


L4 Transporter

>>> I would have thought that finding a match at login and identifying the traffic to the 'session' once would be sufficient.

This is true if all the traffic that follows happens on that initial session, not if it happens on a new session. Each new session is processed independently, so you will require a pattern to search on it.
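The per-session behaviour described in the reply above can be checked offline before a signature is deployed. This is an added example, not code from the thread or from Palo Alto Networks: it tests candidate patterns against captured payloads grouped by TCP session and reports which sessions each pattern would leave unidentified. The grouping of the capture lines into two sessions and the `frame-header` pattern are assumptions, and the regex syntax is Python's, not the firewall's signature syntax.

```python
import re

# Constructed sample: payload lines copied from the capture in the question.
# Which lines travel on which TCP connection is an assumption for illustration.
SESSIONS = {
    "login": [
        "V103^46^^~0~~0~~-1^=^002050^get encryption information",
        "V103^45^45736^0^0^^1^1^s^~name~4~4~name~name~^S4^none",
        "V104^73^2^^^66^^^~0~~0~~-1^=^002306^list comp versions "
        "where base_prog_id = 'Dlx'",
    ],
    "follow-up": [
        "V103^46^^~0~~0~~-1^=^002050^get encryption information",
        "V103^45^45736^0^0^^1^1^s^~name~4~4~name~name~^S4^none",
    ],
}

CANDIDATES = {
    # The pattern from the question: present only in the login exchange.
    "login-string": re.compile(
        r".*(list comp versions where base_prog_id = 'Dlx')"),
    # Hypothetical alternative: the caret-delimited header that opens every
    # message in the sample. Whether all client traffic carries it must be
    # confirmed against a full capture.
    "frame-header": re.compile(r"^V\d+\^\d+\^"),
}


def session_matches(pattern, payloads):
    """A session is identified only if one of its own payloads matches."""
    return any(pattern.search(p) for p in payloads)


def coverage(sessions, candidates):
    """For each candidate, list the sessions it identifies and misses."""
    report = {}
    for name, pattern in candidates.items():
        hits = sorted(s for s, payloads in sessions.items()
                      if session_matches(pattern, payloads))
        report[name] = {"matched": hits,
                        "unmatched": sorted(set(sessions) - set(hits))}
    return report


if __name__ == "__main__":
    for name, result in coverage(SESSIONS, CANDIDATES).items():
        print(f"{name}: matched={result['matched']} "
              f"unmatched={result['unmatched']}")
```

Running it against payloads exported from a longer capture, one list per connection, shows whether any candidate covers every session or whether several signatures are needed.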
