Network Security
Create Custom Objects (PAN-OS & Panorama)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Create Custom Objects (PAN-OS & Panorama)
Create custom data patterns, vulnerability and spyware signatures, and URL categories
to use with security rules.
Create custom data patterns, vulnerability and spyware signatures, and
URL categories to use with security rules.
Custom Objects: Data Patterns
Select ObjectsCustom ObjectsData Patterns to define the categories of sensitive information that you may
want to filter.
Also, be sure to learn about defining data filtering profiles
Add your custom data pattern and configure the settings in
this table:
Data Pattern Settings
|
Description
|
---|---|
Name
|
Enter the data pattern name (up to 31 characters). The name
is case-sensitive and must be unique. Use only letters,
numbers, spaces, hyphens, and underscores.
|
Description
|
Enter a description for the data pattern (up to 255
characters).
|
Shared
|
Select this option if you want the data pattern to be
available to:
|
Disable override (Panorama only)
|
Select this option to prevent administrators from overriding
the settings of this data pattern object in device groups
that inherit the object. This selection is cleared by
default, which means administrators can override the
settings for any device group that inherits the object.
|
Pattern Type
|
Select the type of data pattern you want to create:
|
Predefined Pattern
|
Palo Alto Networks provides predefined data patterns to scan
for certain types of information in files, for example, for
credit card numbers or social security numbers. To configure
data filtering based on a predefined pattern,
Add a pattern and select the
following:
|
Regular Expression
| Add a custom data
pattern. Give the pattern a descriptive
Name, set the File
Type you want to scan for the data pattern,
and enter the regular expression that defines the
Data Pattern. For regular
expression data pattern syntax details and examples, see: |
File Properties
|
Build a data pattern to scan for file properties and the
associated values. For example, Add a
data pattern to filter for Microsoft Word documents and PDFs
where the document title includes the words “sensitive”,
“internal”, or “confidential”.
|
Custom Objects: Spyware/Vulnerability
Use the Custom Spyware Signature page to define signatures
for Anti-Spyware profiles. ObjectsCustom ObjectsSpywareAdd
Use the Custom Vulnerability Signature page to define
signatures for Vulnerability Protection
profiles. ObjectsCustom ObjectsVulnerabilityAdd
Configure the settings in this table:
Custom Vulnerability and Spyware
Signature Settings
|
Description
|
---|---|
Configuration Tab
| |
Threat ID
|
Enter a numeric identifier for the configuration (spyware
signatures range is 15000-18000 and 6900001 - 7000000;
vulnerability signatures range is 41000-45000 and
6800001-6900000).
|
Name
|
Specify the threat name.
|
Shared
|
Select this option if you want the custom signature to be
available to:
|
Disable override (Panorama only)
|
Select this option to prevent administrators from overriding
the settings of this signature in device groups that inherit
the signature. This selection is cleared by default, which
means administrators can override the settings for any
device group that inherits the signature.
|
Comment
|
Enter an optional comment.
|
Severity
|
Assign a level that indicates the seriousness of the
threat.
|
Default Action
|
Assign the default action to take if the threat conditions
are met. For a list of actions, see Actions in
Security Profiles.
|
Direction
|
Indicate whether the threat is assessed from the client to
server, server to client, or both.
|
Affected System
|
Indicate whether the threat involves the client, server,
either, or both. Applies to vulnerability signatures, but
not spyware signatures.
|
CVE
|
Specify the common vulnerability enumeration (CVE) as an
external reference for additional background and
analysis.
|
Vendor
|
Specify the vendor identifier for the vulnerability as an
external reference for additional background and
analysis.
|
Bugtraq
|
Specify the bugtraq (similar to CVE) as an external reference
for additional background and analysis.
|
Reference
|
Add any links to additional analysis or background
information. The information is shown when a user clicks on
the threat from the ACC, logs, or vulnerability profile.
|
Signatures Tab
| |
Standard Signature
|
Select Standard and then
Add a new signature. Specify the
following information:
Add a condition by clicking Add Or
Condition or Add And
Condition. To add a condition within a
group, select the group and then click Add
Condition. Add a condition to a signature so
that the signature is generated for traffic when the
parameters you define for the condition are true. Select an
Operator from the drop-down. The
operator defines the type of condition that must be true for
the custom signature to match to traffic. Choose from
Less Than, Equal
To, Greater Than, or
Pattern Match operators.
|
| |
Combination Signature
|
Select Combination and specify the
following information:
Select Combination Signatures to
specify conditions that define signatures:
Select Time Attribute to specify the
following information:
|
Custom Objects: URL Category
Go to ObjectsCustom ObjectsURL Category, and select Add to create your custom
list of URLs and use it in a URL filtering profile or
as match criteria in security rules. In a custom URL category, you can add URL
entries individually or you can import a text file that contains a list of
URLs.
URL entries added to custom categories are case insensitive.
Configure the settings in this table:
Custom URL Category Settings
|
Description
|
---|---|
Name
|
Enter a name to identify the custom URL category (up to 31
characters). This name displays in the category list when
defining URL filtering security rules and in the match
criteria for URL categories in security rules. The name is
case-sensitive and must be unique. Use only letters,
numbers, spaces, hyphens, and underscores.
|
Description
|
Enter a description for the URL category (up to 255
characters).
|
Type
|
Select the category type:
|
Shared
|
Select this option if you want the URL category to be
available to:
|
Disable override (Panorama only)
|
Select this option to prevent administrators from overriding
the settings of this custom URL object in device groups that
inherit the object. This selection is disabled by default,
which means administrators can override the settings for any
device group that inherits the object.
|
Sites
|
Manage sites for the custom URL category (each URL added or
imported can have a maximum of 255 characters).
To delete a custom category that you used in a URL
Filtering profile , you must set the action to
None before you can delete
the custom category. |