About Palo Alto
Palo Alto Networks, Inc. has pioneered the next generation of network security with an innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. Panorama™ network security management empowers you with easy-to-implement, consolidated policy creation, and centralized management features. Set up and control firewalls centrally with industry-leading functionality and an efficient rule base, and gain insight into network-wide traffic and threats.
SIRP’s integration with Palo Alto Panorama allows security teams to execute response actions right from SIRP.
SIRP’s Palo Alto integration app allows you to execute the following actions:
Block IP as Source
Block an IP Address as Source on Panorama
Unblock IP Address as source
Unblock an IP Address as Source on Panorama
Block IP as Destination
Block an IP Address as Destination on Panorama
Unblock IP as Destination
Unblock an IP Address as Destination on Panorama
Block URL on Panorama
Unblock URL on Panorama
Enable API Access
Create an API User on Palo Alto
Select an Admin Role profile.
Go to Device > Admin Roles and select or create an admin role.
Select features available to the admin role.
Select the XML API tab.
Enable or disable XML API features from the list, such as Report, Log, and Configuration.
Select OK to confirm your change.
To Assign the admin role to an administrator account.
See Configure an Administrative Account.
Get Your API Key
To use the API, you must generate the API key required for authenticating API calls.
To generate an API key, make a GET or POST request to the firewall’s hostname or IP addresses using the administrative credentials and type=keygen:
curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
curl -k -X POST 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'
A successful API call returns status="success" along with the API key within the key element:
Copy the API key to use in the App configuration.
Enable and Configure Palo Alto App
Configure Palo Alto App
1. Next, log in to SIRP, then go to Apps from the left navigation bar
2. Locate the app named Palo Alto Panorama
3. Enable the Palo Alto app by clicking on the toggle button under the Status column.
4. As soon as you enable the App, you will get an option to add the configuration details. Add the following information and click Save:
a. IP: <IP address of Palo Alto Panorama>
b. API Key: <API Key copied from Palo Alto>
After the last step, you should be able to execute the Palo Alto actions on-demand or through Playbooks to block and unblock IP addresses and URLs.