Palo Alto Panorama

Version: 3.0.8

Panorama is the centralized management system for the Palo Alto Networks family of next-generation firewalls. It provides a single location from which you can oversee all applications, users, and content traversing your network, and then use this knowledge to create policies that protect and control the network.

Connect Palo Alto Panorama with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Palo Alto Panorama.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate). Keep it enabled: the API key is sent on every request, and without certificate verification an on-path attacker can present their own certificate and capture it.
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your Palo Alto Panorama instance.
    • API Key: The API key to connect to the Palo Alto Panorama.
  4. After you've entered all the details, click Connect.

Actions for Palo Alto Panorama

Execute Panorama Command

Execute any Panorama command supported by the PAN-OS XML API.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Type: The XML API request type (for example config, op, log, report or export). Required.
  • XPath: Location of the object as an XPath, for example /config/predefined/application/entry[@name='hotmail']. Required.
  • Log type: The type of log to query. Required.
  • Report Type: The type of report. Required.
  • Report Name: Name of the report. Required.
  • Category: Category parameter. Required.
  • Cmd: Used for operational commands; the XML structure that defines the command. Required.
  • Command: Command to run. Required.
  • Destination: Destination for the command. Required.
  • Element: New value of an object. Required.
  • From: Start time. Required.
  • To: End time. Required.
  • Search Time: The time the PCAP was received on the firewall. Required.
  • Where: Specifies the type of a move operation. Required.
  • Period: A time period, for example last-24-hrs. Required.
  • PCap ID: The PCAP ID from the threat log. Required.
  • Serial Number: The serial number of the device. Required.
  • Params: The remaining parameters for the API call, as a JSON object. Required.

Which of these fields a request actually uses depends on Type: config requests use XPath and Element, op requests use Cmd, log requests use Log type, report requests use Report Type, Report Name and Period, and export requests use Category, Search Time, PCap ID and Serial Number. Leave the fields that do not apply to the chosen Type empty.
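The following is an added example, not LogicHub's or Palo Alto's own code, showing how the inputs above map onto one PAN-OS XML API request and how to read the XML response Panorama returns. The request types, parameter names and the X-PAN-KEY header are PAN-OS XML API facts; the function names, the placeholder host and key, and the sample responses are constructed for the example.

```python
"""Added example; not LogicHub's or Palo Alto's own code. Builds a PAN-OS XML
API request from the kind of inputs the Execute Panorama Command action
exposes and parses the <response> Panorama sends back. API types, parameter
names and the X-PAN-KEY header are PAN-OS facts; names and sample data are
assumptions for this example."""
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Request types the PAN-OS XML API accepts in the "type" parameter.
API_TYPES = {"keygen", "config", "commit", "op", "report", "log",
             "import", "export", "user-id", "version"}


def build_request(base_url, api_key, request_type, params=None, **fields):
    """Return (url, query, headers) for one XML API call.

    fields are API parameter names (xpath, cmd, element, ...); names with a
    hyphen such as log-type are passed as **{"log-type": "threat"}.
    `params` is the action's free-form Params JSON string and is merged in
    with "type" and "key" stripped, so it cannot override either.
    """
    if request_type not in API_TYPES:
        raise ValueError(f"unsupported request type: {request_type!r}")
    query = {"type": request_type}
    # Drop empty inputs: the action form shows every field for every type,
    # but the API only uses the parameters that belong to the chosen type.
    query.update({k: v for k, v in fields.items() if v not in (None, "")})
    if params:
        extra = json.loads(params)
        extra.pop("type", None)   # fixed by the Type input
        extra.pop("key", None)    # the key only travels in the header
        query.update(extra)
    # Send the key as a header, not as ?key=...: query strings are written
    # to proxy, load-balancer and web-server access logs, headers are not.
    headers = {"X-PAN-KEY": api_key}
    return f"{base_url.rstrip('/')}/api/", query, headers


def parse_response(xml_text):
    """Turn a PAN-OS <response> into the has_error/error shape the action
    output uses, so callers branch on a flag instead of re-parsing XML."""
    root = ET.fromstring(xml_text)
    if root.tag != "response":
        raise ValueError("not a PAN-OS XML API response")
    status = root.get("status")
    if status == "success":
        return {"status": status, "result": root.find("result"),
                "has_error": False, "error": None}
    # Error responses carry a numeric code and <msg> or <line> text.
    msgs = [e.text for e in root.iter() if e.tag in ("msg", "line") and e.text]
    return {"status": status, "result": None, "has_error": True,
            "error": {"code": root.get("code"), "message": "; ".join(msgs)}}


# Constructed sample responses, not captured from a real Panorama.
OK_XML = """<response status="success"><result>
  <entry name="1030"><severity>low</severity><subtype>Unknown</subtype></entry>
</result></response>"""
ERR_XML = ('<response status="error" code="403"><result>'
           '<msg>Invalid credentials.</msg></result></response>')


def demo():
    # Placeholder host and key; the Params JSON tries to smuggle in a key.
    url, query, headers = build_request(
        "https://panorama.example.com", "REDACTED-API-KEY", "op",
        cmd="<show><system><info></info></system></show>",
        params='{"target": "0123456789", "key": "should-not-appear"}')
    return url, query, headers, parse_response(OK_XML), parse_response(ERR_XML)


if __name__ == "__main__":
    url, query, headers, ok, err = demo()
    print(url + "?" + urlencode(query))
    print(headers)
    print("severity:", ok["result"].find("entry/severity").text)
    print("error:", err["error"])
```

The two points worth carrying into any wrapper around this API are visible in the output: the key never appears in the URL, and a `status="error"` response is turned into an error object instead of being treated as an empty result.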

Get Threat By Id

Get the details of a threat signature by its ID.

Input Field

Choose a connection that you have previously created, then fill in the following input field to run the action.

  • Threat Id: Jinja-templated text containing the threat ID. Required.

Output

A JSON object with the status of the request and, on success, the threat entry. Check has_error before reading result.response.result, since a failed request still returns a response object.

{
  "result": {
    "response": {
      "status": "success",
      "result": {
        "entry": {
          "id": "1030",
          "name": "Seekmo Download .CAB",
          "description": "This signature detects the runtime behavior of the spyware Seekmo.Seekmo is a 180Solutions adware variant that tracks user browsing activity and passes user information such as seach keywords to its controlling server, and generates advertisements according to that.",
          "severity": "low",
          "subtype": "Unknown",
          "reference": {
            "member": [
              "http://www.spywareguide.com/product_show.php?id=28",
              "http://www.bleepingcomputer.com/startups/seekmo-140.html"
            ]
          }
        }
      }
    },
    "has_error": false,
    "error": null
  },
  "stdout": "",
  "stderr": ""
}

Release Notes

  • v3.0.8 - Added support for authentication using an op profile alongside the config profile.
  • v3.0.0 - Updated architecture to support I/O via the filesystem.
  • v2.1.1 - Added the new action Get Threat By Id.
  • v2.0.1 - Added a documentation link in the automation library.

© Devo Technology Inc. All Rights Reserved.