46f5fa2c-1a62-4692-82ad-ed87800a0adb.md

File metadata and controls

113 lines (106 loc) · 9.84 KB

Products: Palo Alto Networks - Next Generation Firewall

Rules

| Rule ID | Rule Name |
|---|---|
| MATCH-S00553 | Allowed Inbound RDP Traffic |
| LEGACY-S00004 | Bitsadmin to Uncommon TLD |
| THRESHOLD-S00096 | Brute Force Attempt |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| MATCH-S00513 | Critical Severity Intrusion Signature |
| MATCH-S00565 | Direct Outbound DNS Traffic |
| THRESHOLD-S00009 | Directory Traversal - Unsuccessful |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| THRESHOLD-S00085 | Excessive Outbound Firewall Blocks |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| FIRST-S00025 | First Seen SMB Allowed Traffic From IP |
| FIRST-S00029 | First Seen Successful Authentication From Unexpected Country |
| LEGACY-S00041 | HTTP External Request to PowerShell Extension |
| LEGACY-S00042 | HTTP Request to Domain in Non-Standard TLD |
| MATCH-S00203 | HTTP activity over port 53 - Possible SIGRED |
| LEGACY-S00045 | HTTP request for single character file name |
| MATCH-S00666 | High Severity Intrusion Signature |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00097 | Impossible Travel - Successful |
| THRESHOLD-S00098 | Impossible Travel - Unsuccessful |
| THRESHOLD-S00079 | Inbound Port Scan |
| MATCH-S00669 | Informational Severity Intrusion Signature |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| THRESHOLD-S00514 | Intrusion Scan - Targeted |
| THRESHOLD-S00515 | Intrusion Sweep |
| MATCH-S00457 | Large File Upload |
| MATCH-S00668 | Low Severity Intrusion Signature |
| MATCH-S00667 | Medium Severity Intrusion Signature |
| MATCH-S00402 | Normalized Security Signal |
| MATCH-S00556 | Outbound Data Transfer Protocol Over Non-standard Port |
| MATCH-S00554 | Outbound IRC Traffic |
| LEGACY-S00056 | Outbound TFTP Traffic |
| THRESHOLD-S00048 | Outbound Traffic to Countries Outside the United States |
| THRESHOLD-S00095 | Password Attack |
| THRESHOLD-S00040 | Possible DNS over TLS (DoT) Activity |
| MATCH-S00835 | Possible Dynamic URL Domain |
| MATCH-S00637 | Possible Malicious Download |
| MATCH-S00558 | Potential Inbound VNC Traffic |
| MATCH-S00502 | RDP Traffic to Unexpected Host |
| MATCH-S00560 | SMTP Traffic from Non-SMTP Servers |
| LEGACY-S00093 | Script/CLI UserAgent string |
| LEGACY-S00095 | Server-Side Code Injection in URL |
| OUTLIER-S00001 | Spike in Login Failures from a User |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| CHAIN-S00008 | Successful Brute Force |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00111 | Threat Intel - Device IP Matched Threat Intel URL |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| MATCH-S00815 | Threat Intel - Successful Authentication from Threat IP |
| LEGACY-S00107 | Threat Intel Match - IP Address |
| MATCH-S00559 | Traffic to Honeypot IP |
| LEGACY-S00165 | VBS file downloaded from Internet |
| MATCH-S00557 | Web Request to IP Address |
| MATCH-S00566 | Web Request to Punycode Domain |

Log Mappers

| Log Mapper ID | Log Mapper Name |
|---|---|
| 96abb286-51a6-4b19-a62d-2898e8ac31dd | PAN CEF Threat - vulnerability |
| 5c59cf9e-246f-48a8-a5e2-d98d1313a449 | PAN Cef Traffic |
| be2becc7-9827-46a6-b2bd-16f6a6b30ea7 | PAN Threat |
| 06cfc165-4b33-458f-8102-e918363cd2e0 | Palo Alto Correlation |
| b28e6ee8-063a-4a97-975f-aba5a6161c98 | Palo Alto Correlation - Custom Parser |
| edcfa819-4c92-4691-b612-600852bd48d6 | Palo Alto GlobalProtect - Custom Parser |
| 76081f53-a146-4a95-9049-799d0cdd9385 | Palo Alto HIP Match - Custom Parser |
| eb14b638-feef-4a47-bb79-e0fdce546233 | Palo Alto HipMatch |
| 5f1d11d0-edec-4ed9-a829-0f8c159d2276 | Palo Alto System |
| e78a34a9-2db5-456b-92c7-d95689f1638f | Palo Alto System - Custom Parser |
| fa4028ba-0c1d-4fb3-a152-6e65e0b5200e | Palo Alto System Auth - Custom Parser |
| e61ee715-8c2a-4c8d-924c-97c323d548de | Palo Alto System Auth Failure Variant 1 |
| db5da849-ca7c-4cfd-b2f6-bd80d37f5b52 | Palo Alto System Auth Failure Variant 2 |
| 4a274f0a-ca36-4053-9d40-56d414be726a | Palo Alto System Auth Failure Variant 3 |
| 932213d6-7432-4d0c-8c5b-7b2a0bcfa534 | Palo Alto System Auth Failure Variant 4 |
| 6cad15c5-3f0b-411d-b94a-9bad082f54ed | Palo Alto System Auth Failure Variant 5 |
| dab88b2d-ca9b-4152-9f50-5090540e1dba | Palo Alto System Auth Failure Variant 6 |
| 082b3e5e-db67-4dec-baf4-789fc6ce44b1 | Palo Alto System Auth Success Variant 1 |
| d361e68b-1ca7-423f-a739-3bf64cdcf5bc | Palo Alto System Auth Success Variant 2 |
| 89adf56d-0e3a-4c41-9ab3-299da1c800ea | Palo Alto System Auth Success Variant 3 |
| 9d9dc0d2-56ce-4ea4-8f24-eb9fd636c7d9 | Palo Alto System Auth Success Variant 4 |
| 31d1edba-0306-46d3-8284-556ec45cd2a0 | Palo Alto System Auth Success Variant 5 |
| 91e59967-bf60-4f76-90d8-4c277010ebf1 | Palo Alto Threat |
| c7d1f7ef-5ef8-464d-b483-d4539c1db75a | Palo Alto Threat Data - Custom Parser |
| e69b5d13-5862-430a-a47d-5e9afd51b957 | Palo Alto Threat File - Custom Parser |
| 7f58d5e0-3efe-4b92-be17-9e8760e3ee4e | Palo Alto Threat Flood - Custom Parser |
| cbd41736-9ba9-4442-bbd4-525a38dadb49 | Palo Alto Threat Packet - Custom Parser |
| 03a073b1-75da-404e-b221-a3fac810632a | Palo Alto Threat Scan - Custom Parser |
| 779cdb4d-382c-4f25-9c9d-0bc59721fd8c | Palo Alto Threat Spyware - Custom Parser |
| 09ed1bbd-bea6-46b0-b4a0-f830bf73ca8c | Palo Alto Threat URL Filtering - Custom Parser |
| ebdfc811-612b-48ed-ab66-abc2ca8b9c89 | Palo Alto Threat Virus - Custom Parser |
| 52351529-dfdd-4f70-8d0f-1321cf55a61f | Palo Alto Threat Vulnerability - Custom Parser |
| d6a48aaf-c3e2-4f10-98ce-3821eec55002 | Palo Alto Threat Wildfire - Custom Parser |
| c459d102-6709-424a-b9a0-69932ea9f5e5 | Palo Alto Threat Wildfire Virus - Custom Parser |
| 41d55260-cd9c-4932-8909-9c9e43666f1f | Palo Alto Traffic |
| f4ccf8eb-1cf4-4427-9b06-3d79271a4d83 | Palo Alto Traffic - Custom Parser |
| 1b0609f0-44bd-4333-bf67-dcbfe20cf855 | Palo Alto Traps - Custom Parser |
| 399d3be9-38be-4308-9940-93ff89793a0e | Palo Alto User Config |
| 15a0eebc-36eb-4ef2-9bd8-0d69224ba462 | Palo Alto User ID |
| a509a0b7-d91a-405a-ab6c-9ff4285041a5 | Palo Alto UserID Login - Custom Parser |
| 9fd65404-2524-4859-8877-e44c97538415 | Palo Alto UserID Logout - Custom Parser |