Custom Application and Threat Signatures
Identify unknown applications and threats, detect and
control specific traffic, and prevent network-based attacks with custom
signatures.
Palo Alto Networks NGFWs allow you to develop custom application and threat signatures for
network traffic you want to detect, monitor, and control. You can build these
pattern-based signatures using information from packet captures and our available
contexts. The firewall stores the custom signatures in a database separate from our
predefined App-ID™ or threat signatures, which are updated on a regular basis.

Application signatures identify web-based and client-server applications such as Gmail. You can
also create custom application signatures for proprietary applications, commercial
applications without an App-ID, or traffic you want to identify by a custom name. Threat
signatures detect malicious activity and prevent network-based attacks. You can create
custom threat signatures to incorporate third-party security advisories and signatures
or to identify threat activity such as brute force login attempts. The resulting
application and threat visibility allows you to exercise a greater level of control over
network traffic and reduces the attack surface of your enterprise.

You can also use the IPS Signature Converter (available as a
plugin for Panorama or built into
Strata Cloud Manager) to convert Snort and
Suricata open-source intrusion prevention system (IPS) rules into custom Palo Alto
Networks threat signatures for added threat protection coverage.

Weekly content releases periodically include new decoders
and contexts from which you can develop signatures.