Palo Alto Networks Knowledgebase: Threat ID Ranges in the Palo Alto Networks Content Database

Created On 09/26/18 19:13 PM - Last Updated 09/26/18 20:38 PM
Categories:  Threat Intelligence,  Threat Prevention

Overview

This document describes the general threat ID ranges in the Palo Alto Networks content database.

 

Details

Anti-Virus Signatures

  • PE: 2000000 - 2900000
  • PDF: 1100000 - 1102000
  • Android File Format (APK): 1000000 - 1010000
  • DNS: 4000000 - 4100000
  • Office2003/RTF: 1200000 - 1202000
  • JAVA Class: 1250000 - 1253000
  • Flash: 1270000 - 1273000
  • MS Office2007 or later: 1210000 - 1211000
  • SWFZWS: 6000000 - 6000500
  • PKG: 1050000 - 1051000
  • MACH-O: 1060000 - 1062000
  • APP: 1070000 - 1071000
  • DMG: 6010000 - 6015000

 

WildFire Public Cloud Signatures

  • PE: 3000000 - 3100000
  • PDF: 3100000 - 3101000
  • Android File Format (APK): 3110000 - 3111000
  • DNS: 3800000 - 3804000
  • Office2003/RTF: 3130000 - 3131000
  • JAVA Class: 3140000 - 3141000
  • Flash: 3150000 - 3151000
  • MS Office2007 or later: 3160000 - 3161000
  • WildFire Suspicious DNS Signatures: 3800000 - 4999999
  • SWFZWS: 6200000 - 6200500
  • PKG: 3400000 - 3400500
  • MACH-O: 3402000 - 3402500
  • APP: 3404000 - 3404500
  • DMG: 6205000 - 6206000

 

WildFire Private Cloud (WF-500) Signatures

  • PE: 5000000 - 5100000
  • PDF: 5200000 - 5300000
  • Flash: 5300000 - 5400000
  • MS Office: 5400000 - 5600000
  • RTF: 5600000 - 5650000
  • JAVA Class: 5650000 - 5700000
  • DNS: 5800000 - 6000000

 

Spyware Signatures

  • Threat ID range: 10000 - 29999
  • Additional Threat ID range added for PAN-OS 7.1 and newer: 80001 - 99999
  • Custom threat ID range: 15000 - 18000
  • Custom DNS Signature Block List: Generic threat ID 12000000
  • Categories in spyware: Adware, Backdoor, Botnet, Browser, Browser-hijack, Data-Theft, Keylogger, Net-Worm and Spyware

 

Vulnerability Signatures

  • Threat ID range: 30000 - 45000
  • Additional Threat ID range added for PAN-OS 7.1 and newer: 54001 - 59999
  • Custom threat ID range: 41000 - 45000
  • Categories in vulnerability: Brute-force, Code Execution, DoS, Info-leak, Overflow and SQL Injection

 

File types

https://live.paloaltonetworks.com/t5/Configuration-Articles/FileType-list-with-the-Threat-ID-number/ta-p/56119

 

 

owner: kadak
