Custom Signature Contexts
Identify the appropriate string and integer contexts
to include in your custom signature.
| Where Can I Use
This? | What Do I Need? |
|---|
Prisma Access (Managed by Panorama or Strata Cloud Manager) NGFW (Managed by Panorama or Strata Cloud Manager) VM-Series CN-Series
|
Advanced Threat Prevention (for enhanced feature
support) or Threat Prevention License
|
Palo Alto Networks contexts are specific parts of a network packet or stream where
the NGFW inspection engine looks for a match. When creating custom signatures, choosing
the right context ensures that your signature is both accurate and performant. Custom
signature contexts are available for both string and integer context types.
String Contexts—String contexts are used when you want to match a specific pattern of
characters (text or hex) within a payload. These are the most common contexts
used for identifying applications or malicious traffic.
Integer Contexts—Integer contexts are used to match numeric values rather than text patterns.
Instead of Regex, you use mathematical operators like
Equal To,
Greater Than, or
Less Than.
Context Qualifiers—Qualifiers act as "sub-filters" for a context. They don't contain the data
themselves, but they restrict when a context match should be considered valid.
This is the primary way to reduce false positives.
