Custom Vulnerability Signatures


Custom vulnerability signatures allow you to define your own vulnerability signatures.

File Location

Custom vulnerability signatures are defined in files located in:

ngfw/objects/custom objects/vulnerability

This path is defined in the settings.py module as CUSTOM_VULNERABILITY_SIGNATURES_FOLDER.

File format

Vulnerability signatures must be defined in individual XML files. Create a signature in the PAN-OS web interface, export it, and save it to the ngfw/objects/custom objects/vulnerability folder.

<vulnerability-threat version="10.2.0">
  <entry name="41206">
    <signature>
      <standard>
        <entry name="HTTP_partial_response">
          <and-condition>
            <entry name="And Condition 1">
              <or-condition>
                <entry name="Or Condition 1">
                  <operator>
                    <equal-to>
                      <value>206</value>
                      <context>http-rsp-code</context>
                    </equal-to>
                  </operator>
                </entry>
              </or-condition>
            </entry>
          </and-condition>
          <order-free>yes</order-free>
          <scope>protocol-data-unit</scope>
        </entry>
      </standard>
    </signature>
    <default-action>
      <alert/>
    </default-action>
    <reference>
      <member>https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/206</member>
    </reference>
    <threatname>HTTP Partial Response</threatname>
    <severity>informational</severity>
    <direction>server2client</direction>
    <comment>This signature detects partial server response</comment>
    <affected-host>
      <client>yes</client>
    </affected-host>
  </entry>
</vulnerability-threat>
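
A pre-deployment check for exported signature files, as an added example that is not part of this project's code. The function name, the list of required elements (modelled on the sample above), the accepted severity and direction values, and the threat ID ranges are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Assumed value sets, modelled on PAN-OS custom threat objects.
SEVERITIES = {"critical", "high", "medium", "low", "informational"}
DIRECTIONS = {"client2server", "server2client", "both"}
# Assumed custom vulnerability threat ID ranges; adjust to your PAN-OS version.
ID_RANGES = ((41000, 45000), (6800001, 6900000))
REQUIRED = ("signature", "threatname", "severity", "direction")


def validate_signature(xml_text):
    """Return a list of problems found in one exported signature file."""
    if "<!DOCTYPE" in xml_text:
        # Exports carry no DTD; refuse before parsing to avoid entity expansion.
        return ["DOCTYPE declaration not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "vulnerability-threat":
        return [f"unexpected root element <{root.tag}>"]
    entries = root.findall("entry")
    if len(entries) != 1:  # one signature per file, as the page requires
        return [f"expected exactly one signature entry, found {len(entries)}"]
    entry, problems = entries[0], []
    name = entry.get("name", "")
    numeric = name.isascii() and name.isdigit()
    if not (numeric and any(lo <= int(name) <= hi for lo, hi in ID_RANGES)):
        problems.append(f"threat ID {name!r} outside custom vulnerability ranges")
    for tag in REQUIRED:
        if entry.find(tag) is None:
            problems.append(f"missing <{tag}>")
    for tag, allowed in (("severity", SEVERITIES), ("direction", DIRECTIONS)):
        value = entry.findtext(tag)
        if value is not None and value not in allowed:
            problems.append(f"unknown {tag} {value!r}")
    return problems


# Constructed samples: a trimmed copy of the page's signature, and a broken variant.
GOOD = """<vulnerability-threat version="10.2.0"><entry name="41206">
<signature><standard/></signature><threatname>HTTP Partial Response</threatname>
<severity>informational</severity><direction>server2client</direction>
</entry></vulnerability-threat>"""
BAD = GOOD.replace('"41206"', '"1234"').replace("informational", "info")

if __name__ == "__main__":
    print(validate_signature(GOOD))
    print(validate_signature(BAD))
```

Run it over every file in the CUSTOM_VULNERABILITY_SIGNATURES_FOLDER before deployment; an empty list means the file passed these checks.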