The purpose of this board is to discuss everything related to custom signature creation in PAN-OS devices. Palo Alto Networks delivers a large quantity of coverage in our weekly content updates; however, we know that our customers are staffed by dedi
...
In order to allow Updates to OneDrive im trying to create a custom application. (since I'm blocking PE) as it is detected as web-browsing. It does not detect that ms one drive premade application.
I created a custom signature with the Client hello
...
HI all,
I'm trying to create a custom signature based on the POST payload the client is sending.
This is the POST collected from the server:
POST /pds HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image...
I'm looking for a way to define a custom signature that can detect brute force attempts on the GlobalProtect portal that aren't based on the portal login page. I already have ID 40017 - VPN: Palo Alto Networks SSL VPN Authentication Brute Force Attem
...
Would anyone know how to properly identify and block old browser versions using custom vulnerability object? I need help with the proper "pattern" to use to be able to identify the version. I know that there is the following guide:
https://knowledgeba
https://www.securityweek.com/frebniis-malware-hijacks-microsoft-iis-function-to-deploy-backdoor/
Any signatures available?
Oracle's Virtual Box is free and available to use under the GPL v2 license terms.
They have Extension Pack which is not free and can invoke a software audit if found.
We are looking to see if anyone has an application snippet to prevent download of
...
Hello everyone. I work at a public community college. Our state legislature has proposed legislation that would require us to block any video platform if the platform is owned by a company headquartered outside of the United States. I currently have
...
Seeking help creating Policies to report, log, or restrict outdated Browsers from accessing Internet Content. Seems like this would be integrated into the policies. Thanks
Examples:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (K
...
I've built two signatures for DNS. One to indicate recursive lookup and not recursive lookup. When I test, the app that is evaluated first is triggered. reverse the order and the formerly 2nd app triggers. It is like the expressions are not e
...
The scenario I am seeing is SMTP brute force attempts against a username, but each time the source IP address is different, I guess they are using a botnet. Exchange will tarpit the IP for 30 seconds for the failed authentication, but it doesn't mat
...
How to change the company name field in the profile
Our programmer wrote an app that uses TCP/9901 and 9902 to transfer data between the East and West buildings. Let's call it JC-App. What is the minimum configuration on both the East and West Firewalls? Also, what would need to be added to requir
...
Hi,
I've been wondering - Is it possible to block the execution of a file by file name or ioc in the xdr?
It sounds like a rather basic feature yet i can't seem to find anything about it in the docs - only thing i found is block file execution based on
...
Hi,
I working with a customer that needs to detect the usage of SSLv3(already done with ID 36815), TLS 1.0 and TLS 1.1, at some point they may move to blocking this on certain traffic. They don't particularly want decrypt the traffic for this due to c
...
nikoolayy1
on:
signature based http-req-message-body
nikoolayy1
on:
Brute Force GlobalProtect Portal via GP app
nikoolayy1
on:
Frebniis Malware Hijacks Microsoft IIS Function to Deploy Backdoor
nikoolayy1
on:
Vulnerabilities
nikoolayy1
on:
SMTP Brute Force - different source IPs
nikoolayy1
on:
Has anyone done a custom APP to block recursive DNS queries?
