Content Inspection Features

Learn about new content inspection capabilities in PAN-OS® 10.0.
New Content Inspection Feature
Description
Enhanced Pattern-Matching Engine for Custom Signatures
The PAN-OS® pattern-matching engine now supports new regular expression (regex) syntax and shorter data patterns, dramatically expanding the number of possible custom threat signatures that you can create and ingest from third-party intrusion prevention systems (IPS).
To maximize this new compatibility with third-party signatures, you can install the IPS Signature Converter for Panorama, which provides an automated solution for converting Snort and Suricata signatures into custom Palo Alto Networks threat signatures.
You can also use the new pattern-matching capabilities to more finely control application usage with custom application signatures.
IPS Signature Converter Plugin
The IPS signature converter plugin leverages the new Enhanced Pattern-Matching Engine to automatically convert rules for the Snort and Suricata intrusion prevention systems (IPS) into custom Palo Alto Networks threat signatures. This enables you to immediately augment existing Threat Prevention coverage with Snort and Suricata rules that you receive from threat intelligence sources or write specifically for your network environment.
Panorama 10.0 supports the IPS signature converter plugin and supplies the compatible version but does not install it automatically. Install the plugin if you have or expect to receive Snort and Suricata rules that you want to use in security policy on your Panorama-managed firewalls.
DNS Security Signature Categories
The DNS Security service now features individually configurable and extensible DNS Security Signature Categories, which allow you to create discrete security policies based on the risk factors associated with certain types of DNS traffic. Applying these new domain categories in your DNS Security policies allows you to implement granular access control to different categories of domains based on the risk that these domains pose to your organization. These categories currently include C2 (encompasses DGA and DNS tunneling), malware, DDNS, newly registered domains, and phishing, and can be expanded through PAN-OS content releases.
Expanded Data Collection for the DNS Security Service
The DNS Security service now collects additional server response and request information to provide improved analytics, DNS detection, and prevention.
URL Filtering Inline ML
The firewall can now use machine learning on the dataplane to analyze web page content to determine if it contains malicious JavaScript or is being used for credential phishing. Inline ML prevents web page threats from infiltrating your network by providing real-time analysis capabilities on the firewall, reducing the possibility of the proliferation of unknown JavaScript variants and various phishing vectors.
Increased Security Against Evasion Attacks
New protections bolster your defenses against evasion attacks, where attackers attempt to breach your network by bypassing security inspection. The increased security measures cover certain evasion techniques that misuse URLs and Base64-encoded content. You receive this protection upon upgrade to PAN-OS 10.0—no subscription or additional configuration is required.
