Categories
EDU-114 Study Palo Alto

Palo Alto EDU-114: Custom Threat Signatures

Objectives:

Create custom software vulnerability and spyware signatures

Create standard and combination threat signatures

Types of signatures:

  • Defined by Palo Alto:
    • Vulnerability Signatures
    • Anti-Spyware Signatures
  • Are updated frequently (each week) via Applications and Threats content updates
  • Custom defined:
    • Vulnerability Signatures
    • Anti-Spyware Signatures
  • Are updated by the administrator as required

Creating Custom Threat Signatures:

Browse to Objects -> Custom Objects, select Spyware to create custom spyware signatures or select Vulnerability to create custom vulnerability signatures.

The creation for both of these signatures is a similar process

Standard Verus Combination Threat Signatures

A standard signature looks for a single match condition out of one or more defined, once detected it will trigger the threat action.

A combination signature looks for one or more standard match conditions within a time element. This is only created when the administrator wishes the firewall to take action only when one or more threat signatures are detected within a certain time period

An example of a good combination signature is detecting brute force attacks, when a password is submitted to an application in quick succession.

Leave a Reply

Your email address will not be published. Required fields are marked *