Azure-Sentinel/Playbooks/PaloAlto-PAN-OS/PaloAltoCustomConnector
Smitha Sundareswaran 578261d38b Incorporate suggested changes 2022-03-30 23:12:10 -07:00
PAN-OS_CustomConnector.png New connectors+playbooks (#2118) 2021-04-26 11:30:21 -07:00
azuredeploy.json Incorporate suggested changes 2022-03-30 23:12:10 -07:00
readme.md Update readme.md 2021-10-22 23:19:48 +05:30

readme.md

PAN-OS Logic Apps Custom connector

This custom connector connects to the PAN-OS service endpoint and performs defined automated actions on the PAN-OS firewall.


Authentication methods this connector supports

  • API Key authentication

Prerequisites for deploying Custom Connector

  1. The PAN-OS service endpoint must be known (e.g. https://{paloaltonetworkdomain}).
  2. Generate an API key. Refer to this link on how to generate the API key.

Actions supported by Palo-Alto custom connector

| Component | Description |
|---|---|
| List security rules | Retrieves a list of all security rules within a specified location in the firewall |
| Create a security policy rule | Creates a new security policy rule in the firewall |
| List custom url categories | Retrieves a list of all URL filtering category information within a specified location in the firewall |
| List address objects | Retrieves a list of all address objects within a specified location in the firewall |
| Create an address object | Creates an address object depending on type: IP address or URL address |
| Updates an address object | Updates an address object depending on type: IP address or URL address |
| List address groups | Retrieves a list of all address object groups within a specified location in the firewall |
| Create an address object group | Creates a new address object group in the firewall |
| Updates an address object group | Adds/Removes an address object group in the firewall (add/remove objects to the existing group) |
| List URL filtering security profiles | Retrieves a list of all URL filtering security profiles in the firewall |
| Update URL filtering security profiles | Updates URL filtering security profiles in the firewall (add/remove objects to the existing security profile) |

Deployment instructions

  1. Deploy the custom connector by clicking the "Deploy to Azure" button. This opens the ARM template deployment wizard.
  2. Fill in the required parameters:
    • Custom Connector Name: Enter the custom connector name (e.g. contoso PAN-OS connector)
    • Service Endpoint: Enter the PAN-OS service endpoint (e.g. https://{paloaltonetworkdomain}.net)

Deploy to Azure Deploy to Azure Gov

Usage Examples

  • List security policy rules from PAN-OS through a playbook.
  • Create address objects for malicious IPs/URLs on PAN-OS through a playbook.
  • Add an IP to address groups through a playbook.