Palo Alto Panorama

Version: 2.1.1

Panorama is the centralized management system for the Palo Alto Networks family of next-generation firewalls. It provides a single location from which you can oversee all applications, users, and content traversing your network, and then use this knowledge to create policies that protect and control the network.

Connect Palo Alto Panorama with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Palo Alto Panorama.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your Palo Alto Panorama instance.
    • API Key: The API key to connect to the Palo Alto Panorama.
  4. After you've entered all the details, click Connect.

Actions for Palo Alto Panorama

Execute Panorama Command

Execute any panorama command supported in API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Type

The request type.

Required

XPath

Set location using xpath example, /config/predefined/application/entry[@name='hotmail'].

Required

Log type

The type of log.

Required

Report Type

The type of report.

Required

Report Name

Name of report.

Required

Category

Category parameter.

Required

Cmd

Used for operations commands. Cmd specifies the xml struct that defines the command.

Required

Command

Command to run.

Required

Destination

Destination for command.

Required

Element

New value of an object.

Required

From

Start time.

Required

To

End time.

Required

Search Time

The time that the PCAP was received on the firewall.

Required

Where

Specifies the type of a move operation.

Required

Period

A time period e.g. last-24-hrs.

Required

PCap ID

The PCap ID in threat log.

Required

Serial Number

The serial number of the device.

Required

Params

The rest of the parameters to API in JSON format.

Required

Get Threat By Id

Get threat details by its id.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Threat Id

Jinja-templated text containing threat id.

Required

Output

A JSON object returning the status of the request.

{
  "result": {
    "response": {
      "status": "success",
      "result": {
        "entry": {
          "id": "1030",
          "name": "Seekmo Download .CAB",
          "description": "This signature detects the runtime behavior of the spyware Seekmo.Seekmo is a 180Solutions adware variant that tracks user browsing activity and passes user information such as seach keywords to its controlling server, and generates advertisements according to that.",
          "severity": "low",
          "subtype": "Unknown",
          "reference": {
            "member": [
              "http://www.spywareguide.com/product_show.php?id=28",
              "http://www.bleepingcomputer.com/startups/seekmo-140.html"
            ]
          }
        }
      }
    },
    "has_error": false,
    "error": null
  },
  "stdout": "",
  "stderr": ""
}

Release Notes

  • v2.1.1 - Added new action Get Threat By Id.
  • v2.0.1 - Added documentation link in the automation library.

Did this page help you?