Objectives:
- Create custom software vulnerability and spyware signatures
- Create standard and combination threat signatures
Types of signatures:
- Defined by Palo Alto:
  - Vulnerability Signatures
  - Anti-Spyware Signatures
  - Are updated frequently (each week) via Applications and Threats content updates
- Custom defined:
  - Vulnerability Signatures
  - Anti-Spyware Signatures
  - Are updated by the administrator as required
Creating Custom Threat Signatures:
Browse to Objects -> Custom Objects, select Spyware to create custom spyware signatures or select Vulnerability to create custom vulnerability signatures.
The creation process is similar for both signature types.
Standard Versus Combination Threat Signatures
A standard signature looks for a single match condition out of the one or more that are defined; once a match is detected, it triggers the threat action.
A combination signature looks for one or more standard match conditions within a time window. Create one only when the administrator wants the firewall to take action only if one or more threat signatures are detected within a certain time period.
A good example of a combination signature is brute-force detection, where passwords are submitted to an application in quick succession.
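The difference between the two signature types can be modelled in a few lines. This is an added example, not part of the original notes and not PAN-OS code: each standard match is counted per source, and the action fires only when a threshold of matches falls inside the time window. The names `combination_hits`, `threshold` and `window_seconds`, the per-source grouping and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

def combination_hits(events, threshold, window_seconds):
    """Return (timestamp, source) pairs at which the combination signature fires.

    events: iterable of (timestamp_seconds, source, matched), sorted by time,
    where matched says whether the standard signature matched that session.
    """
    recent = defaultdict(deque)   # source -> timestamps of recent standard matches
    fired = []
    for ts, source, matched in events:
        if not matched:
            continue
        window = recent[source]
        window.append(ts)
        # Drop matches that have aged out of the time window.
        while window and ts - window[0] >= window_seconds:
            window.popleft()
        if len(window) >= threshold:
            fired.append((ts, source))
            window.clear()   # start counting again after the action is taken
    return fired

# Constructed sample: failed logins (standard signature matches) from two sources.
SAMPLE_EVENTS = [
    (0, "10.0.0.5", True),
    (2, "10.0.0.5", True),
    (3, "10.0.0.9", True),
    (4, "10.0.0.5", True),
    (5, "10.0.0.5", True),
    (6, "10.0.0.5", True),    # fifth match within 10 s: the combination fires
    (40, "10.0.0.9", True),
    (95, "10.0.0.9", True),   # slow failures never reach the threshold
    (96, "10.0.0.5", False),  # successful login, no standard match
]

if __name__ == "__main__":
    for ts, src in combination_hits(SAMPLE_EVENTS, threshold=5, window_seconds=10):
        print(f"t={ts}s combination signature fired for {src}")
```

With `threshold=1` the function behaves like a standard signature and fires on every match, which is why a combination signature suits brute-force detection better than a standard one.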