Creating a custom app is actually fairly simple to do; it is just a little hard to understand. There is a simple way, and a more complex way. The complex way is a much more useful tool. The simple way is to create a custom app by clicking Add in application objects, giving it a name, and then checking the box marked Continue scanning for other Applications. Then click on the Policies tab and select Application Override. Click Add and name it, give it a source and destination and the port(s) that it uses, select the custom application that you created, and presto, you have that unknown-tcp or unknown-udp traffic show in the logs as your custom app.

The more complex method entails actually packet capturing the traffic and creating a signature based on that traffic. The document that sraghunandan posted, https://live.paloaltonetworks.com/docs/DOC-2015, does a far better job of explaining than I could. For non-HTTP traffic, I have used unknown-req-tcp-payload and hex string matches, with defined ports. Just remember the \x at the beginning and the end!
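As an added illustration of the capture-based method described in the post above (not code from the post or from Palo Alto Networks), this Python sketch takes the first payload bytes of several captured flows, finds the bytes they share, and writes them as a hex string wrapped in `\x` markers. The sample payloads are constructed, and the contiguous-hex layout and the 7-byte minimum are assumptions to confirm against DOC-2015 for your PAN-OS version.

```python
# Added example: derive a \x...\x hex pattern from captured request payloads.
# All payload bytes below are constructed sample data, not real traffic.

# Assumed minimum number of fixed bytes a signature pattern must contain;
# confirm the real limit in the PAN-OS documentation for your version.
MIN_FIXED_BYTES = 7

# First bytes of the client request from three flows of a hypothetical
# proprietary TCP protocol (as exported from a packet capture).
SAMPLES = [
    bytes.fromhex("41434d4550524f5401000a1b2c"),
    bytes.fromhex("41434d4550524f540100ff0203"),
    bytes.fromhex("41434d4550524f54010077"),
]


def common_prefix(payloads):
    """Return the leading bytes that every payload has in common."""
    if not payloads:
        return b""
    shortest = min(payloads, key=len)
    for i, byte in enumerate(shortest):
        if any(p[i] != byte for p in payloads):
            return shortest[:i]
    return shortest


def to_hex_pattern(data):
    """Wrap bytes as hex digits with \\x at the beginning and the end."""
    return "\\x" + data.hex() + "\\x"


def build_pattern(payloads, min_bytes=MIN_FIXED_BYTES):
    """Build a pattern from the stable prefix, rejecting weak matches."""
    prefix = common_prefix(payloads)
    if len(prefix) < min_bytes:
        raise ValueError(
            f"only {len(prefix)} stable byte(s); capture more flows or "
            "match on a different part of the payload"
        )
    return to_hex_pattern(prefix)


if __name__ == "__main__":
    # Value to paste into a pattern match on unknown-req-tcp-payload.
    print(build_pattern(SAMPLES))
```

Comparing several flows before writing the signature keeps session-specific bytes (IDs, counters, timestamps) out of the pattern, so the custom app matches all of the intended traffic rather than one capture.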