Content Inspection Features
Table of Contents
Expand all | Collapse all
-
-
- Enterprise Data Loss Prevention Features
- IoT Security Features
- Content Inspection Features
- Decryption Features
- GlobalProtect Features
- Management Features
- Certificate Management Features
- Panorama Features
- Networking Features
- User-ID Features
- Policy Features
- Authentication Features
- WildFire Features
- Virtualization Features
- SD-WAN Features
- Mobile Infrastructure Security Features
- New Hardware Introduced with PAN-OS 10.0
- Changes to Default Behavior
- Associated Software and Content Versions
- Limitations
-
-
- PAN-OS 10.0.12 Known Issues
- PAN-OS 10.0.11 Known Issues
- PAN-OS 10.0.10 Known Issues
- PAN-OS 10.0.9 Known Issues
- PAN-OS 10.0.8 Known Issues
- PAN-OS 10.0.7 Known Issues
- PAN-OS 10.0.6 Known Issues
- PAN-OS 10.0.5 Known Issues
- PAN-OS 10.0.4 Known Issues
- PAN-OS 10.0.3 Known Issues
- PAN-OS 10.0.2 Known Issues
- PAN-OS 10.0.1 Known Issues
- Known Issues for the CN-Series on Version 10.0
-
-
-
- PAN-OS 10.0.12-h1 Addressed Issues
- PAN-OS 10.0.12 Addressed Issues
- PAN-OS 10.0.11-h1 Addressed Issues
- PAN-OS 10.0.11 Addressed Issues
- PAN-OS 10.0.10-h1 Addressed Issues
- PAN-OS 10.0.10 Addressed Issues
- PAN-OS 10.0.9 Addressed Issues
- PAN-OS 10.0.8-h8 Addressed Issues
- PAN-OS 10.0.8-h4 Addressed Issues
- PAN-OS 10.0.8 Addressed Issues
- PAN-OS 10.0.7 Addressed Issues
- PAN-OS 10.0.6 Addressed Issues
- PAN-OS 10.0.5 Addressed Issues
- PAN-OS 10.0.4 Addressed Issues
- PAN-OS 10.0.3 Addressed Issues
- PAN-OS 10.0.2 Addressed Issues
- PAN-OS 10.0.1 Addressed Issues
- PAN-OS 10.0.0 Addressed Issues
End-of-Life (EoL)
Content Inspection Features
Learn about new content inspection capabilities in PAN-OS
®
10.0.New Content Inspection Feature | Description |
---|---|
Enhanced Pattern-Matching Engine for Custom
Signatures | The PAN-OS ® pattern-matching
engine now supports new regular expression (regex) syntax and shorter
data patterns, which dramatically expand the number of possible
custom threat signatures that you can create and ingest from a third-party
intrusion prevention system (IPS). To maximize the benefits
of this new compatibility with third-party signatures, install the
IPS Signature Converter for Panorama, which provides an automated
solution for converting Snort and Suricata signatures into custom
Palo Alto Networks threat signatures. You can also use the
new pattern-matching capabilities to more finely control application
usage with custom application signatures. |
IPS Signature Converter Plugin | The IPS signature converter plugin leverages
the new Enhanced Pattern-Matching Engine to automatically convert rules
for Snort and Suricata intrusion prevention system (IPS) software
into custom Palo Alto Networks threat signatures. This enables you
to immediately augment existing Threat Prevention coverage with
Snort and Suricata rules that you receive from threat intelligence
sources or that you write specifically for your network environment. Panorama
10.0 supports the IPS signature converter plugin and supplies the
compatible version but does not install the plugin automatically.
You should install the plugin if
you have or expect to receive Snort and Suricata rules that you
want to use in Security policy rules on your Panorama-managed firewalls. |
DNS Security Signature Categories | The DNS Security service now features individually configurable
and extensible DNS Security Signature Categories, which enables
you to create discrete Security policies based on the risk factors
associated with certain types of DNS traffic. You can apply these
new domain categories in your DNS Security policies to implement
granular access control for different categories of domains based
on the risk that these domains pose to your organization. These
categories currently include C2 (encompasses DGA and DNS tunneling),
malware, DDNS, newly registered domains, and phishing and we can
expand these categories through PAN-OS content releases. |
Expanded Data Collection for the DNS Security
Service | The DNS Security service now collects additional
server response and request information to provide improved analytics,
DNS detection, and prevention. |
URL Filtering Inline ML | The firewall can now use machine learning
(ML) on the dataplane to analyze web page content and determine
if the pages contain malicious JavaScript or other content used
for credential phishing. Inline ML prevents web page threats from infiltrating
your network by providing real-time analysis capabilities on the
firewall, which reduces the possibility of proliferation of unknown
JavaScript variants and other phishing vectors. |
Increased Security Against Evasion Attacks | New protections bolster your defenses against
evasion attacks where attackers attempt to breach your network by bypassing
security inspection. The increased security measures cover evasion
techniques that misuse URLs and Base64-encoded content. You begin
receiving this protection as soon as you upgrade to a PAN-OS 10.0
release—no subscription or additional configuration is required. |