05-28-2024 01:44 PM
Hello, I know it's silly, but we are looking to do just what the subject of this topic says. With the release of iTerm2 version 3.5.0 there are AI integrations to OpenAI. We want to block this traffic if it's from the "UserAgent: iTerm2/3.5.0", but allow this traffic if it's web-based. I know that sounds silly, but that's the request in my company.
I was trying to create a custom vulnerability with the UserAgent, but I'm not seeing that as an option. What else can we do in order to block this via Palo?
We are able to get more details with a log ingestion too, but below are the criteria for the traffic we are looking to block from a single log event. If all of these are true, block, else allow it:
05-31-2024 01:03 AM - edited 05-31-2024 01:04 AM
First, in order for this to work, you need to make sure that traffic is decrypted. The web TLS traffic might be easy to do, but the iTerm traffic, who knows. When traffic is not decrypted you are at the mercy of using the SAN value in the certificate.
Now, I am assuming that the iTerm traffic is through the API; if the traffic is not getting decrypted, it might not match the web traffic because the certificate might be different. What I would do is set up a policy to allow the decrypted traffic using the App-ID and URL filtering and then block the API traffic based on their IPs, based on this information:
https://platform.openai.com/docs/actions/production
See if that works, or perhaps you might need to block the API first, check the traffic patterns to see what works best.
Regards,
05-31-2024 06:28 AM
Hello. Yes, we are decrypting the traffic, no issues there. We do want to allow other openai-api calls through the browser; specifically, we want to block the use of the iTerm2 application. Now I can set up a policy to block traffic to that URL with the App-ID of openai-api, and that will get me closer. However, if the URL changes I don't want to have to keep updating the rule. I'm more curious how to create a custom vulnerability based on the UserAgent field I see in our 3rd party logging tool, which the Palo logs don't show me in Panorama?
Here is more of the 3rd party log with any company information redacted. I bolded some fields of interest I would like to use for the custom vulnerability. However, I'm not finding any Palo documentation to explain their different "context" fields when creating the signature of a custom vulnerability.
Action: allow
Application: openai-api
ConfigVersion: 10.2
ContainerID: null
ContainerName: null
ContainerNameSpace: null
ContentType: null
ContentVersion: 0
DGHierarchyLevel1: 21
DGHierarchyLevel2: 18
DGHierarchyLevel3: 0
DGHierarchyLevel4: 0
DestinationAddress: 104.18.6.192
DestinationDeviceCategory: null
DestinationDeviceHost: null
DestinationDeviceMac: null
DestinationDeviceModel: null
DestinationDeviceOSFamily: null
DestinationDeviceOSVersion: null
DestinationDeviceProfile: null
DestinationDeviceVendor: null
DestinationDynamicAddressGroup: null
DestinationEDL: null
DestinationLocation: US
DestinationPort: 443
DestinationUUID: null
DestinationUser: null
DeviceName: GP cloud service
DeviceSN: no-serial
DirectionOfAttack: client to server
DynamicUserGroupName: null
EndpointSerialNumber: null
FromZone: trust
HTTP2Connection: 247541
HTTPHeaders: null
HTTPMethod: post
HostID: null
IMEI: null
IMSI: 0
InboundInterface: tunnel.1
InlineMLVerdict: unknown
LogSetting: Redacted
LogType: THREAT
NATDestination: 104.18.6.192
NATDestinationPort: 443
NATSource: Redacted
NATSourcePort: 56324
NSSAINetworkSliceType: null
OutboundInterface: ethernet1/1
PacketID: 0
ParentSessionID: 0
ParentStarttime: 2024-05-31T13:01:27.000000Z
Protocol: tcp
Referer: null
RepeatCount: 1
Rule: Redacted
RuleUUID: b12c9089-9de8-482c-bf07-d9ca3f0197c0
SequenceNo: 7364170906109984247
SessionID: 848202
SigFlags: 0
SourceAddress: Redacted
SourceDeviceCategory: null
SourceDeviceHost: null
SourceDeviceMac: null
SourceDeviceModel: null
SourceDeviceOSFamily: null
SourceDeviceOSVersion: null
SourceDeviceProfile: null
SourceDeviceVendor: null
SourceDynamicAddressGroup: null
SourceEDL: null
SourceLocation: Redacted
SourcePort: 50070
SourceUUID: null
SourceUser: Redacted
Subtype: url
TimeGenerated: 2024-05-31T13:01:28.000000Z
TimeGeneratedHighResolution: 2024-05-31T13:01:29.508000Z
TimeReceived: 2024-05-31T13:01:33.000000Z
ToZone: untrust
Tunnel: N/A
URL: api.openai.com/v1/chat/completions
URLCategory: artificial-intelligence
URLCategoryList: artificial-intelligence,computer-and-internet-info,low-risk
URLCounter: 1
UserAgent: iTerm2/3.5.0 CFNetwork/1496.0.7 Darwin/23.5.0
VendorSeverity: Informational
VirtualLocation: vsys1
VirtualSystemName:
X-Forwarded-For: null
X-Forwarded-ForIP: null
05-31-2024 06:31 AM
And to be fair, the URL is shared with the Python integration we want to allow, so it needs to be by the UserAgent of iTerm2.
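As an added example (not from this thread or any Palo Alto product), the block/allow criteria discussed above can be checked offline against log records in the same "Key: value" layout the poster shared, which is useful for validating a log-ingestion rule before touching firewall policy. The sample records are constructed; the python-requests and browser User-Agents are placeholders for the other clients that hit the identical URL and must stay allowed.

```python
import re

# Constructed sample records in the "Key: value" layout the poster pasted;
# the second and third User-Agents are placeholders for a Python client and
# a browser reaching the same endpoint, which the poster wants to keep allowed.
SAMPLE_LOGS = """\
Application: openai-api
URL: api.openai.com/v1/chat/completions
UserAgent: iTerm2/3.5.0 CFNetwork/1496.0.7 Darwin/23.5.0

Application: openai-api
URL: api.openai.com/v1/chat/completions
UserAgent: python-requests/2.31.0

Application: openai-api
URL: api.openai.com/v1/chat/completions
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15
"""


def parse_records(text):
    """Split blank-line-separated 'Key: value' blocks into dicts ('null' -> None)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            value = value.strip()
            rec[key.strip()] = None if value == "null" else value
        records.append(rec)
    return records


def verdict(rec, blocked_product="iTerm2"):
    """Apply the thread's rule: block only when every criterion holds.
    The User-Agent is matched on its leading product token, so other clients
    (and the browser) reaching the identical URL stay allowed."""
    ua_product = (rec.get("UserAgent") or "").split("/", 1)[0]
    criteria = (
        rec.get("Application") == "openai-api",
        (rec.get("URL") or "").startswith("api.openai.com/"),
        ua_product == blocked_product,
    )
    return "block" if all(criteria) else "allow"


def evaluate(text):
    """Return one verdict per record, in log order."""
    return [verdict(rec) for rec in parse_records(text)]
```

Matching the product token rather than the exact "iTerm2/3.5.0" string means a later iTerm2 release is still caught without editing the rule, which is the maintenance concern raised above for URL changes.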