Network Security
Create Custom Objects (Strata Cloud Manager)
Table of Contents
Expand All
|
Collapse All
Network Security Docs
Create Custom Objects (Strata Cloud Manager)
Create custom data patterns, vulnerability and spyware signatures, and URL categories
to use with security rules.
Create custom data patterns, vulnerability and spyware signatures, and
URL categories to use with security rules.
Custom Objects: Data Patterns
Select ManageConfigurationNGFW and Prisma AccessSecurity ServicesData Loss PreventionDetection MethodsData Patterns to define the categories of sensitive information that you may
want to filter.
Also, be sure to learn about defining data filtering profiles
Select Add Data PatternsCustom and configure the settings in this table to add your custom data
pattern:
Data Pattern Settings
|
Description
|
---|---|
Name
|
Enter the data pattern name (up to 31 characters). The name
is case-sensitive and must be unique. Use only letters,
numbers, spaces, hyphens, and underscores.
|
Description
|
Enter a description for the data pattern (up to 255
characters).
|
Pattern Type
|
Select the type of data pattern you want to create:
|
Predefined Pattern
|
Palo Alto Networks provides predefined data patterns to scan
for certain types of information in files, for example, for
credit card numbers or social security numbers. To configure
data filtering based on a predefined pattern,
Add a pattern and select the
following:
|
Regular Expression
| Add a custom data
pattern. Give the pattern a descriptive
Name, set the File
Type you want to scan for the data pattern,
and enter the regular expression that defines the
Data Pattern. For regular
expression data pattern syntax details and examples, see: |
File Properties
|
Build a data pattern to scan for file properties and the
associated values. For example, Add a
data pattern to filter for Microsoft Word documents and PDFs
where the document title includes the words “sensitive”,
“internal”, or “confidential”.
|
Custom Objects: Spyware/Vulnerability
Use the Custom Spyware Signature page to define signatures
for Anti-Spyware profiles. ManageConfigurationNGFW and Prisma AccessSecurity ServicesAnti-Spyware
Use the Custom Vulnerability Signature page to define
signatures for Vulnerability Protection
profiles. ManageConfigurationNGFW and Prisma AccessSecurity ServicesURL Access Management
Select the Custom Signatures tab, Add Custom
Signature, and Configure the settings in this table:
Custom Vulnerability and Spyware
Signature Settings
|
Description
|
---|---|
Configuration Tab
| |
Threat ID
|
Enter a numeric identifier for the configuration (spyware
signatures range is 15000-18000 and 6900001 - 7000000;
vulnerability signatures range is 41000-45000 and
6800001-6900000).
|
Name
|
Specify the threat name.
|
Comment
|
Enter an optional comment.
|
Severity
|
Assign a level that indicates the seriousness of the
threat.
|
Default Action
|
Assign the default action to take if the threat conditions
are met. For a list of actions, see Actions in
Security Profiles.
|
Direction
|
Indicate whether the threat is assessed from the client to
server, server to client, or both.
|
Affected System
|
Indicate whether the threat involves the client, server,
either, or both. Applies to vulnerability signatures, but
not spyware signatures.
|
CVE
|
Specify the common vulnerability enumeration (CVE) as an
external reference for additional background and
analysis.
|
Vendor
|
Specify the vendor identifier for the vulnerability as an
external reference for additional background and
analysis.
|
Bugtraq
|
Specify the bugtraq (similar to CVE) as an external reference
for additional background and analysis.
|
Reference
|
Add any links to additional analysis or background
information. The information is shown when a user clicks on
the threat from the ACC, logs, or vulnerability profile.
|
Signatures Tab
| |
Standard Signature
|
Select Standard and then
Add a new signature. Specify the
following information:
Add a condition by clicking Add Or
Condition or Add And
Condition. To add a condition within a
group, select the group and then click Add
Condition. Add a condition to a signature so
that the signature is generated for traffic when the
parameters you define for the condition are true. Select an
Operator from the drop-down. The
operator defines the type of condition that must be true for
the custom signature to match to traffic. Choose from
Less Than, Equal
To, Greater Than, or
Pattern Match operators.
|
| |
Combination Signature
|
Select Combination and specify the
following information:
Select Combination Signatures to
specify conditions that define signatures:
Select Time Attribute to specify the
following information:
|
Custom Objects: URL Category
Go to ManageConfigurationNGFW and Prisma AccessSecurity ServicesURL Access Management, and Add Category to create your custom
list of URLs and use it in a URL filtering profile or
as match criteria in security rules. In a custom URL category, you can add URL
entries individually or you can import a text file that contains a list of
URLs.
URL entries added to custom categories are case insensitive.
Configure the settings in this table:
Custom URL Category Settings
|
Description
|
---|---|
Name
|
Enter a name to identify the custom URL category (up to 31
characters). This name displays in the category list when
defining URL filtering security rules and in the match
criteria for URL categories in security rules. The name is
case-sensitive and must be unique. Use only letters,
numbers, spaces, hyphens, and underscores.
|
Description
|
Enter a description for the URL category (up to 255
characters).
|
Type
|
Select the category type:
|
Sites
|
Manage sites for the custom URL category (each URL added or
imported can have a maximum of 255 characters).
To delete a custom category that you used in a URL
Filtering profile , you must set the action to
None before you can delete
the custom category. |