Custom Threat is being identified, but not taking the correct action.

We have a custom vulnerability for Datanyze Scraping that is being idenfied but only alerting.  This signature looks for http-req-headers and dns-req-headers for the value of Datanyze.  This is working great, I can see the traffic in the threat log s

pattern match for less than 7 byte application

Hello all,

we are trying to implement user-Agent feature that's exist in MWG proxy. on attched wireshark capture screen shot "wget" user agent has only 4 bytes. do you have work around to make signature equal to 7 bytes. 

I also attached screen shot e

IPv4 flags as App-ID Signatures?

Hello,

 Is it possible to use simple IPv4 flag info as match criteria for App-ID signatures? I'm looking for something simple such as matching source IP, destination IP and destination port. I'm not having any luck finding patterns in the data to use

There is no CVE-2019-9082 signature

Hi,

Nowadays some attackers attack our web site relevant code injection. Perimeter firewall is Palo Alto and seperator firewall is Fortinet. This attack type is below that's not keeping by PA but it's keeping FG so prevent.

I obsevered this signature

custom web ssl based application

hello guyes.

what will be the right way to describe the custom application for the pcap in the attach?

the unique id is the fqdn site1.qwe.loc

how to get vulnerability signature pattern

HI @reaper 

Palo alto is releasing content update every week and changes in default action will be changed periodically.

Recenty in Content version 8146 vulnerability 55570  Oracle WebLogic wls9-async Remote Code Execution Vulnerability  action is se

Block access to websites available over their IP (and not a FQDN)

Hi community

Does anyone already managed to block access to websites available directly with their IP? Actually with regex this would be an easy task, but I have some difficulties creating a custom application signature as there isn't the full regex

Unable to negate Signature pattern-match. Why Custom Vulnerability has Negate option but Apps NOT?

I created custom app for ldaps tcp/636 based on signature (ssl-rsp-certificate) which contains text from certificate

This caused https - tcp/443 (ssl based) traffic to match this new custom app.
After some investigation I realised that https context ss

Blocking web content with custom data patterns

Hi all,

I'm trying to use custom data patterns to block all content related to the 'Momo' hoax.  I'm having issues getting around the fact that 'momo' is smaller than 7 bytes.

Do you have any recommendations on how to use an anchor 7 bytes or longer

Office XML with Macros

This is a custom vulnerability signature I created based on what I was seeing come through to our users.  Usually, the malicious Office files with macros were in either the binary Office 2003 format or the newer Office 2007+ format.  What I was seein

Custom Antivirus Signatures

Is it possible to create custom antivirus signatures?

Goal is to block files with certain hashes. The original file is not available, only the hash.

Is there any way to submit hashes to PANW so that they create signatures? (Something similar like for U

Webmail Control via URL

Can paloalto control the sending of web mail?

i want to make it impossible to send out from the webmail.

There is a service called Naver that provides web mail like Google.

for example,

The URL for sending is as follows.

mail.naver.com/n=111113333&v=f#%

Custom signature not working as expected

Hi Guys

I have the follwoing issue:

I have a policy rule where I allow  smtp flow! On this rule I have a vulnerability protection profile. In this pofile I have 2 rules:

- one rule which is supposed to allow emails with bb.com in the subject

-the second