[OSCD Initiative] Develop Responder for Palo Alto NGFW #855

Closed
yugoslavskiy opened this issue Sep 14, 2020 · 9 comments · Fixed by #886 or #991
Labels: category:feature-request, category:new-responder

Comments

@yugoslavskiy
Contributor

Feature description

Responder for Palo Alto NGFW that would be able to execute the following Response Actions:

  • RA3101: Block external IP address
  • RA3102: Block internal IP address
  • RA3103: Block external domain
  • RA3104: Block internal domain
  • RA3105: Block external URL
  • RA3106: Block internal URL
  • RA3107: Block port external communication
  • RA3108: Block port internal communication
  • RA3109: Block user external communication
  • RA3110: Block user internal communication
  • RA5101: Unblock blocked IP
  • RA5102: Unblock blocked domain
  • RA5103: Unblock blocked URL
  • RA5104: Unblock blocked port
  • RA5105: Unblock blocked user

Describe the solution you'd like

Access to Palo Alto NGFW via its API using one of the following projects:

or any other alternatives.

Additional context

Most probably the listed Response Actions will require pre-configured Security Policies (rules) that would be 1:1 mapped to the Response Actions. This way Cortex will just update these rules during the execution.
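
One way to realize the 1:1 mapping described above for the IP actions (RA3101, RA3102, RA5101), as an added example that is not code from this issue or from the responder: each action gets its own pre-created address group, already referenced by a deny rule, and the code builds PAN-OS XML API `type=config` parameters without sending them. The group names, internal ranges, `thehive-` object prefix and `vsys1` are assumptions.

```python
import ipaddress

# Assumptions (not from the issue): the site's internal ranges, one pre-created
# address group per Response Action (each already referenced by a deny rule),
# the "thehive-" object prefix, and vsys1.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GROUP_FOR_RA = {"RA3101": "thehive-block-external-ip",
                "RA3102": "thehive-block-internal-ip"}
VSYS = "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']"


def classify_ip(value):
    """Return (object name, ip string, block RA id); refuse special-purpose addresses."""
    ip = ipaddress.ip_address(value.strip())  # raises ValueError on malformed input
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
        raise ValueError(f"refusing special-purpose address {ip}")
    internal = any(ip.version == n.version and ip in n for n in INTERNAL_NETS)
    name = "thehive-" + ip.compressed.replace(":", "-")  # ':' is not valid in object names
    return name, str(ip), ("RA3102" if internal else "RA3101")


def _params(action, xpath, element=None):
    """Form data for one XML API configuration request (API key not included)."""
    p = {"type": "config", "action": action, "xpath": xpath}
    if element is not None:
        p["element"] = element
    return p


def block_ip(value):
    """RA3101/RA3102: create an address object, then add it to the action's group."""
    name, ip, ra = classify_ip(value)
    return ra, [
        _params("set", f"{VSYS}/address/entry[@name='{name}']",
                f"<ip-netmask>{ip}</ip-netmask>"),
        _params("set", f"{VSYS}/address-group/entry[@name='{GROUP_FOR_RA[ra]}']/static",
                f"<member>{name}</member>"),
    ]


def unblock_ip(value):
    """RA5101: remove the object from its group first, then delete the object."""
    name, _, ra = classify_ip(value)
    member = f"{VSYS}/address-group/entry[@name='{GROUP_FOR_RA[ra]}']/static/member[text()='{name}']"
    return "RA5101", [
        _params("delete", member),
        _params("delete", f"{VSYS}/address/entry[@name='{name}']"),
    ]
```

Each dict is the form data for one request to the firewall's `/api/` endpoint; authentication and the commit that activates the candidate configuration are left out.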

@yugoslavskiy added the category:feature-request label Sep 14, 2020
@yugoslavskiy changed the title from "[OSCD Initiative] Develop Palo Alto NGFW Responder" to "[OSCD Initiative] Develop Responder for Palo Alto NGFW" Sep 14, 2020
@jeromeleonard self-assigned this Sep 25, 2020
@yugoslavskiy
Contributor Author

Hello @jeromeleonard ! Are you going to work on the issue? I am also interested in this one, how about a collab? (:

@Konakin

Konakin commented Oct 19, 2020

Hello.
Today I got access to a Palo Alto NGFW and I want to create TheHive Responders. And I agree to collab :)
I can write to Telegram.

@Konakin

Konakin commented Oct 19, 2020

https://github.com/staf711/oscd_thehive_PaloAltoNGFW

@Konakin

Konakin commented Oct 20, 2020

Hello.
I want to complete all responders today.

@Konakin

Konakin commented Oct 20, 2020

I have problems with:

  1. Block user
  2. Unblock user
    https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups
    My test Palo Alto NGFW doesn't have any users and I can't do step 5 in the instructions (Register Users).

And I have a problem with "Unblock blocked URL". I don't know how to delete a URL from the list, but I can add one.

If you know how to solve these problems, please tell me.

@Konakin

Konakin commented Oct 21, 2020

Hello.
Please see pull #886.

Next step: change logic and add rules for:

  1. IP address
  2. domains
  3. URL(s)
  4. ports
  5. users

@yugoslavskiy
Contributor Author

Hello @Konakin! I've commented on your PR (: Let's proceed with the discussion there.

@jeromeleonard
Contributor

Thank you for your PR. We merged the related PR. Please consider translating the readme file from RU to EN.

Thanks.

@staf711
Contributor

staf711 commented Aug 18, 2021

@jeromeleonard, hi.
Sorry I am late, but I translated the README for the PaloAlto responder #1025
