Custom Vulnerability Signatures Skillet

Curator: Richard Porter

This skillet adds a collection of custom vulnerability signatures:

• HTTP Response Codes (Threat ID 41000 - 59)
• Detect XP User-Agent String (Threat ID 41060)
• Detect Active FTP (Threat ID 41061)
• Detect FTP get CMD (Threat ID 41062)
• Detect FTP put CMD (Threat ID 41063)
• Improperly hardened Apache service (Threat ID 41064)
• Improperly hardened IIS service (Threat ID 41065)
• Improperly hardened nginx service (Threat ID 41066)
• Improperly hardened PHP installation (Threat ID 41067)
• TLS 1.0 Server Response (Threat ID 41068)
• TLS 1.1 Server Response (Threat ID 41069)
• Improperly hardened ASP installation (Threat ID 41070)

For more information on Status Codes, RFC2616, and or PANOS Vulnerability Engine see:

• Reference on Status Codes
• RFC2616 HTTP Codes
• RFC959 FTP
• Custom Vulnerability Signatures KB
• Video Example: Custom Vulnerability Signatures
• Custom Signatures Tech Note

Support Policy

The code and templates in the repo are released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (the VM-Series firewall) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself. Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.