The Palo Alto Networks Panorama connector integrates with the Palo Alto Networks® Panorama and supports containment actions such as blocking URLs or IP addresses on the devices configured on Panorama.
This document provides information about the Palo Alto Networks Panorama connector, which facilitates automated interactions with Palo Alto Networks® Panorama using FortiSOAR™ playbooks. Add the Palo Alto Networks Panorama connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking URLs, IP addresses, or applications that you have specified and retrieving a list of connected firewalls from Panorama.
Connector Version: 3.0.0
Authored By: Community
Certified: No
The following enhancements have been made to the Palo Alto Networks Panorama connector in version 3.0.0:
- Added new configuration parameters 'Device Group Name', 'Rule Type', and 'Verify SSL'.
- Updated the following configuration parameters to be optional:
  - Security Policy Name For Blocking URL
  - URL Group
  - Security Policy Name For Blocking Application
  - Application Group
- Fixed a bug with the 'Block URL' and 'Unblock URL' actions, which were failing if an invalid or unexpected action was specified.
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-palo-alto-networks-panorama
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Palo Alto Networks Panorama connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
| Parameter | Description |
|---|---|
| Server URL | URL of the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Username | Username to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Password | Password to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Device Group Name | Name of the device group on which you want to perform operations. Enter shared in this field for a shared location. |
| Rule Type | Select rule type, either Pre-rule or Post-rule, where the policy is configured. |
| Security Policy Name For Blocking IP | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block IP addresses. |
| Address Group | Name of the address group that is linked to the specified security policy to block IP addresses. |
| Security Policy Name For Blocking URL | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block URLs. |
| URL Group | Name of the URL group that is linked to the specified security policy to block URLs. |
| Security Policy Name For Blocking Application | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block applications. |
| Application Group | Name of the application group that is linked to the specified security policy to block applications. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Block IP | Blocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_ip Containment |
| Unblock IP | Unblocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_ip Remediation |
| Block URL | Blocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_url Containment |
| Unblock URL | Unblocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_url Remediation |
| Block Application | Blocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_app Containment |
| Unblock Application | Unblocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_app Remediation |
| Get Connected Firewalls | Retrieves a list of all configured firewalls from Palo Alto Networks® Panorama. | firewall_list |
| Get Device Groups | Retrieves a list of all the device groups or details of specific device groups from Palo Alto Networks® Panorama based on the device group name you have specified. | get_device_groups Investigation |
| Get Application Groups | Retrieves a list of all the application groups or details of specific application groups from Palo Alto Networks® Panorama based on the application group name you have specified. | get_application_groups Investigation |
| Parameter | Description |
|---|---|
| IP Address | The IP address that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to block the IP address. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| IP Address | The IP address that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to unblock the IP address. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| URL | The URL that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to block the URL. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| URL | The URL that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to unblock the URL. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Application Name | The name of the application that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to block the application. |
The output contains a non-dictionary value.
| Parameter | Description |
|---|---|
| Application Name | The name of the application that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | The device group on which you want to unblock the application. |
The output contains a non-dictionary value.
Input parameters: None.
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "devices": {
        "entry": {
          "vsys": {
            "entry": {
              "@name": "",
              "display-name": "",
              "shared-policy-md5sum": "",
              "shared-policy-status": ""
            }
          },
          "sw-version": "",
          "unsupported-version": "",
          "custom-certificate-usage": "",
          "connected-at": "",
          "multi-vsys": "",
          "av-version": "",
          "vpn-disable-mode": "",
          "certificate-status": "",
          "threat-version": "",
          "domain": "",
          "hostname": "",
          "connected": "",
          "global-protect-client-package-version": "",
          "logdb-version": "",
          "model": "",
          "certificate-subject-name": "",
          "deactivated": "",
          "wildfire-version": "",
          "certificate-expiry": "",
          "url-filtering-version": "",
          "ip-address": "",
          "serial": "",
          "@name": "",
          "url-db": "",
          "operational-mode": "",
          "family": "",
          "app-version": "",
          "uptime": ""
        }
      }
    },
    "@status": ""
  }
}
```
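A containment change pushed through Panorama does not protect traffic behind a firewall that is disconnected or whose shared policy is out of sync, so it is worth checking the firewall list before relying on a block. The following is an added example, not code from the connector or its sample playbooks. The helper names, the sample data, and the value strings `yes`, `no`, `In Sync` and `Out of Sync` are assumptions; only the key names come from the schema above.

```python
def as_list(node):
    # XML-derived JSON yields a dict for a single child and a list for several;
    # an empty element arrives as "" or None.
    if node in (None, ""):
        return []
    return node if isinstance(node, list) else [node]


def firewall_findings(output):
    """Return {serial: [finding, ...]} for firewalls that need attention."""
    result = (output.get("response") or {}).get("result") or {}
    devices = result.get("devices") or {}
    findings = {}
    for fw in as_list(devices.get("entry")):
        issues = []
        # Assumed value: "yes" means the firewall is connected to Panorama.
        if fw.get("connected") != "yes":
            issues.append("not connected to Panorama")
        for vsys in as_list((fw.get("vsys") or {}).get("entry")):
            status = vsys.get("shared-policy-status", "")
            # Assumed value: "In Sync" means the pushed policy is current.
            if status != "In Sync":
                label = status or "status unknown"
                issues.append(f"{vsys.get('@name', '?')} policy {label}")
        if issues:
            findings[fw.get("serial") or fw.get("@name", "unknown")] = issues
    return findings


# Constructed sample in the shape of the schema above (not real output).
SAMPLE = {"response": {"@status": "success", "result": {"devices": {"entry": [
    {"@name": "0000000001", "serial": "0000000001", "hostname": "fw-a",
     "connected": "yes",
     "vsys": {"entry": {"@name": "vsys1", "shared-policy-status": "In Sync"}}},
    {"@name": "0000000002", "serial": "0000000002", "hostname": "fw-b",
     "connected": "no",
     "vsys": {"entry": [
         {"@name": "vsys1", "shared-policy-status": "Out of Sync"},
         {"@name": "vsys2", "shared-policy-status": "In Sync"}]}},
]}}}}

if __name__ == "__main__":
    for serial, issues in firewall_findings(SAMPLE).items():
        print(serial, "->", "; ".join(issues))
```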
| Parameter | Description |
|---|---|
| Device Group Name | (Optional) The name of the device group for which you want to retrieve details from Palo Alto Networks® Panorama. |
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "@total-count": "",
      "@count": "",
      "device-group": {
        "entry": {
          "address-group": {
            "entry": {
              "@name": "",
              "static": {
                "member": [
                  {
                    "#text": "",
                    "@time": "",
                    "@dirtyId": "",
                    "@admin": ""
                  }
                ],
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              "@time": "",
              "@dirtyId": "",
              "@admin": ""
            },
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "address": {
            "entry": [
              {
                "@name": "",
                "ip-netmask": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "devices": {
            "entry": {
              "@name": ""
            }
          },
          "profiles": {
            "url-filtering": {
              "entry": {
                "action": "",
                "@name": "",
                "credential-enforcement": {
                  "mode": {
                    "disabled": ""
                  },
                  "log-severity": ""
                },
                "description": "",
                "block-list": {
                  "member": []
                }
              }
            }
          },
          "@admin": "",
          "@name": "",
          "@time": "",
          "application-group": "",
          "@dirtyId": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      }
    },
    "@code": "",
    "@status": ""
  }
}
```
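Because the Block IP operation returns only a non-dictionary value, the Get Device Groups output is one place to confirm that an address object covering the IP is actually a static member of the configured Address Group. The following is an added example, not code from the connector. The function names, the group name `Blocked-IPs` and the sample data are assumptions, and it relies on static group members being the names of address objects.

```python
import ipaddress


def as_list(node):
    # A single XML child becomes a dict, several become a list, none becomes ""/None.
    if node in (None, ""):
        return []
    return node if isinstance(node, list) else [node]


def blocked_in_group(output, ip, group_name):
    """True if an address object covering `ip` is a static member of `group_name`."""
    target = ipaddress.ip_address(ip)
    result = (output.get("response") or {}).get("result") or {}
    for dg in as_list((result.get("device-group") or {}).get("entry")):
        # Names of address objects whose ip-netmask contains the target IP.
        covering = set()
        for obj in as_list((dg.get("address") or {}).get("entry")):
            try:
                net = ipaddress.ip_network(obj.get("ip-netmask", ""), strict=False)
            except ValueError:
                continue  # empty or non ip-netmask object
            if target in net:
                covering.add(obj.get("@name"))
        for grp in as_list((dg.get("address-group") or {}).get("entry")):
            if grp.get("@name") != group_name:
                continue
            members = as_list((grp.get("static") or {}).get("member"))
            # Members carry audit attributes, so the name sits under "#text".
            names = {m.get("#text") if isinstance(m, dict) else m for m in members}
            if covering & names:
                return True
    return False


# Constructed sample in the shape of the schema above (documentation IP ranges).
SAMPLE = {"response": {"@status": "success", "result": {"device-group": {"entry": {
    "@name": "dg-branch",
    "address": {"entry": [
        {"@name": "blk-203.0.113.7", "ip-netmask": "203.0.113.7/32"},
        {"@name": "blk-198.51.100.9", "ip-netmask": "198.51.100.9"}]},
    "address-group": {"entry": {
        "@name": "Blocked-IPs",
        "static": {"member": [
            {"#text": "blk-203.0.113.7", "@admin": "soar", "@time": ""}]}}},
}}}}}

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, "in Blocked-IPs:", blocked_in_group(SAMPLE, ip, "Blocked-IPs"))
```

An address object that exists but is not a member of the group, as with the second sample IP, reports as not blocked.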
| Parameter | Description |
|---|---|
| Application Group Name | (Optional) The name of the application group for which you want to retrieve details from Palo Alto Networks® Panorama. |
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "@total-count": "",
      "application-group": {
        "entry": {
          "members": {
            "member": [
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "@name": "",
          "@time": "",
          "@dirtyId": "",
          "@admin": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      },
      "@count": ""
    },
    "@code": "",
    "@status": ""
  }
}
```
The Sample - Palo Alto Networks Panorama - 3.0.0 playbook collection comes bundled with the Palo Alto Networks Panorama connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Palo Alto Networks Panorama connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.