I am fairly new to custom signatures in Palo Alto, just so you are warned. I am trying to create a vulnerability signature for detecting WordPress. The GET request will contain /? followed by 5 digits or more. The User-Agent will be wordpress/ followed by a version number. My plan was to create one signature with one condition for the User-Agent (http-req-headers with pattern match 'wordpres/') and one for the GET request (http-req-uri-path with pattern match 'GET /?amp'). The problem I have is that the GET request contains too few fixed characters. Any suggestions on how to get around this?