Palo Alto Networks Knowledgebase: Threat ID Ranges in the Palo Alto Networks Content Database

Created On 08/05/19 19:21 PM - Last Updated 08/05/19 19:48 PM
Threat Intelligence Threat Prevention
Resolution

Overview

This document describes the general threat ID ranges in the Palo Alto Networks content database.

 

Details

Anti-Virus Signatures

  • PE: 2000000 - 2900000
  • PDF: 1100000 - 1102000
  • Android File Format (APK): 1000000 - 1015000
  • DNS: 4000000 - 4100000
  • Office/RTF: 1110000 - 1140000
  • JAVA Class: 1250000 - 1253000
  • Flash: 1270000 - 1273000
  • OpenOffice: 1210000 - 1225000
  • SWFZWS: 6000000 - 6000500
  • PKG: 1050000 - 1055000
  • MACH-O: 1060000 - 1062000
  • APP: 1070000 - 1071000
  • DMG: 6010000 - 6015000

 

WildFire Public Cloud Signatures

  • PE: 3000000 - 3100000
  • PDF: 3100000 - 3101000
  • Android File Format (APK): 3110000 - 3112000
  • DNS: 3800000 - 3840000
  • Office/RTF: 3130000 - 3135000
  • JAVA Class: 3140000 - 3141000
  • Flash: 3150000 - 3151000
  • OpenOffice: 3160000 - 3162500
  • WildFire Suspicious DNS Signatures: 3800000 - 4999999
  • SWFZWS: 6200000 - 6200500
  • PKG: 3400000 - 3401000
  • MACH-O: 3402000 - 3402500
  • APP: 3404000 - 3404500
  • DMG: 6205000 - 6206000

 

WildFire Private Cloud (WF-500) Signatures

  • PE: 5000000 - 5100000
  • PDF: 5200000 - 5300000
  • Flash: 5300000 - 5400000
  • Office: 5400000 - 5500000
  • RTF: 560000 - 5650000
  • JAVA Class: 5650000 - 5700000
  • DNS: 5800000 - 6000000

 

Spyware Signatures

  • Threat ID range: 10000 - 29999
  • Additional Threat ID range added for PAN-OS 7.1 and newer: 80001 - 99999
  • Custom threat ID range: 15000 - 18000
  • Custom DNS Signature Block List: Generic threat ID 12000000
  • Categories in spyware: Adware, Backdoor, Botnet, Browser, Browser-hijack, Data-Theft, Keylogger, Net-Worm and Spyware

 

Vulnerability Signatures

  • Threat ID range: 30000 - 45000
  • Additional Threat ID range added for PAN-OS 7.1 and newer: 54001 - 59999
  • Custom threat ID range: 41000 - 45000
  • Categories in vulnerability: Brute-force, Code Execution, DoS, Info-leak, Overflow and SQL Injection

 

File types

https://live.paloaltonetworks.com/t5/Configuration-Articles/FileType-list-with-the-Threat-ID-number/ta-p/56119

 

 

owner: kadak


