Hello,

I'm trying to write a custom SMB signature to restrict access to certain shares. It's based on Custom App-ID for a specific SMB share. My share pattern is '\\america\credit'. Unfortunately, it didn't work for me and I opened a support case. But they asked me to post the sig. here to verify it first before they look at this further. Can someone please check the signature?

<application version="5.1.0">
  <entry name="smb-myshare">
    <signature>
      <entry name="s1">
        <and-condition>
          <entry name="And Condition 2">
            <or-condition>
              <entry name="Or Condition 1">
                <operator>
                  <pattern-match>
                    <pattern>\x 5c 00 5c 00 61 00 6d 00 65 00 72 00 69 00 63 00 61 00 5c 00 63 00 72 00 65 00 64 00 69 00 74 00\x</pattern>
                    <context>ms-ds-smb-req-share-name</context>
                  </pattern-match>
                </operator>
              </entry>
            </or-condition>
          </entry>
        </and-condition>
        <scope>protocol-data-unit</scope>
        <order-free>no</order-free>
        <comment>string in unicode matches "\\america\credit"</comment>
      </entry>
    </signature>
    <subcategory>storage-backup</subcategory>
    <category>business-systems</category>
    <technology>client-server</technology>
    <risk>3</risk>
    <evasive-behavior>no</evasive-behavior>
    <consume-big-bandwidth>no</consume-big-bandwidth>
    <used-by-malware>no</used-by-malware>
    <able-to-transfer-file>yes</able-to-transfer-file>
    <has-known-vulnerability>yes</has-known-vulnerability>
    <tunnel-other-application>no</tunnel-other-application>
    <tunnel-applications>no</tunnel-applications>
    <prone-to-misuse>no</prone-to-misuse>
    <pervasive-use>no</pervasive-use>
    <file-type-ident>yes</file-type-ident>
    <virus-ident>yes</virus-ident>
    <spyware-ident>no</spyware-ident>
    <data-ident>no</data-ident>
    <parent-app>ms-ds-smb</parent-app>
    <description>App-ID to identify and control access to a specific SMB share</description>
    <default>
      <port>
        <member>tcp/445</member>
        <member>udp/445</member>
        <member>tcp/139</member>
      </port>
    </default>
  </entry>
</application>

Thanks,
Alex
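An added example, not part of the original post: a Python check that the hex bytes inside the posted `<pattern>` really spell the share path named in the `<comment>` as UTF-16LE, and that rebuilds the pattern from a share path. The function names are hypothetical, and the script verifies only the byte encoding, not whether the `ms-ds-smb-req-share-name` context presents the path in that form.

```python
import re

# Pattern and share path copied from the post above.
POSTED_PATTERN = r"\x 5c 00 5c 00 61 00 6d 00 65 00 72 00 69 00 63 00 61 00 5c 00 63 00 72 00 65 00 64 00 69 00 74 00\x"
EXPECTED_SHARE = r"\\america\credit"


def pattern_to_bytes(pattern: str) -> bytes:
    """Strip the \\x ... \\x delimiters and parse the hex byte pairs."""
    body = pattern.strip()
    if len(body) < 4 or not (body.startswith("\\x") and body.endswith("\\x")):
        raise ValueError("pattern is not wrapped in \\x ... \\x")
    hex_part = re.sub(r"\s+", "", body[2:-2])
    if len(hex_part) % 2 or not re.fullmatch(r"[0-9a-fA-F]*", hex_part):
        raise ValueError("pattern body is not a run of whole hex bytes")
    return bytes.fromhex(hex_part)


def decode_share(pattern: str) -> str:
    """Return the UTF-16LE string that the hex pattern spells out."""
    return pattern_to_bytes(pattern).decode("utf-16-le")


def encode_share(share: str) -> str:
    """Build the hex pattern for a share path, using the post's spacing."""
    raw = share.encode("utf-16-le")
    return "\\x " + " ".join(f"{b:02x}" for b in raw) + "\\x"


def compare(pattern: str, share: str):
    """Return None if the pattern spells `share`, else the first difference."""
    got = pattern_to_bytes(pattern)
    want = share.encode("utf-16-le")
    for offset, (g, w) in enumerate(zip(got, want)):
        if g != w:
            return f"byte {offset}: pattern has {g:02x}, share needs {w:02x}"
    if len(got) != len(want):
        return f"length differs: pattern {len(got)} bytes, share {len(want)} bytes"
    return None


if __name__ == "__main__":
    print("decoded :", decode_share(POSTED_PATTERN))
    print("rebuilt :", encode_share(EXPECTED_SHARE))
    print("compare :", compare(POSTED_PATTERN, EXPECTED_SHARE) or "pattern matches share path")
```
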