WireLurkerDetector

Script for detecting the WireLurker malware family

minemeld

Main MineMeld documentation repo

pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

ansible-pan

Ansible modules for Palo Alto Networks NGFWs

minemeld-core

Engine of MineMeld

iron-skillet

IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.

terraform-templates

This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls

azure

VM-Series ARM Templates for Microsoft Azure

pan-os-ansible

Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.

Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

aws-elb-autoscaling

Auto Scaling VM-Series firewalls in AWS

aws

VM-Series for Amazon Web Services

minemeld-ansible

Ansible playbook for installing MineMeld on Linux

InstallerHijackingVulnerabilityScanner

terraform-provider-panos

Terraform Panos provider

pango

pango is the underlying library for the Palo Alto Networks Terraform provider

research-notes

aws-transit-vpc

automated AWS transit vpc

minemeld-webui

WebUI of MineMeld

ansible-playbooks

Sample playbooks for the Palo Alto Networks Ansible modules.

minemeld-node-prototypes

Prototypes for MineMeld nodes

pan-cortex-data-lake-python

Python idiomatic SDK for Cortex™ Data Lake.

panhandler

Panhandler is a tool to manage config snippets and Skillets for PAN-OS devices

TransitGatewayDeployment

Creates a Transit Gateway with two server VPCs and a security VPC

evident-custom-signatures

Evident Security Platform Custom Signatures Samples

pan-fca

Flexible Cloud Automation

report_to_misp

Parse a report and import the events into MISP

azure-applicationgateway

Scale out security for web deployments using VM-Series firewalls and Azure Application Gateway web load balancer

bahamut

Go library to build an API server based on an Elemental model

autofocus-lenz

A command line utility to aid in using autofocus for IR and research

Prisma-Enhanced-Remediation

Create custom auto-remediation solutions using serverless functions in the cloud.

prisma-cloud-policies

PCS Policies Release Notice

terraform-provider-prismacloud

Terraform PrismaCloud provider

ReferenceArchitectures

Palo Alto Networks Reference Architectures

tg

Certificate generation made easy

gaia

Aporeto API (Elemental model)

pcs-postman

Postman collections for Prisma Cloud

Kubernetes

Repository for Palo Alto Networks Kubernetes Security - CN Series.

evident-automation

Evident Security Platform Automation

pyjarm

pyJARM is a library for doing JARM fingerprinting using python

Azure-Transit-VNet

Azure security with VM-Series in a hub-and-spoke architecture

minemeld-misp

MineMeld nodes for MISP

autofocus-client-library

A python client library for interfacing with the autofocus rest services

pan-stix

pan-stix

openstack-templates

VM-Series Firewalls on OpenStack

regolithe

Regolithe Specifications + Dev Tools

manipulate

Go library to perform CRUD operations on an Elemental model with multiple backend implementations

Splunk_TA_paloalto

The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.

elemental

Go library implementing the Regolithe specifications as Elemental model

AWS-GWLB-VMSeries

This repository contains CFT and TF templates for deploying VM-Series Firewalls behind AWS Gateway Load Balancer

pantools

A collection of pre-installed tools commonly used with Palo Alto Networks products packaged as a Docker container

pcs-sizing-scripts

Prisma Cloud sizing scripts

terraform-provider-prismacloud-orig

Terraform provider for Prisma Cloud

SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->

misp-to-autofocus

Script for pulling events from a MISP database and converting them to Autofocus queries.

reference_architecture_automation

Terraform, Ansible, and Python scripts that implement Palo Alto Networks Reference Architectures through automation.

wsc

wsc is a library that allows to interact with web sockets using channels.

aws-alb-sandwich

AWS ALB Sandwich with VM-Series

GCP-Terraform-Samples

minemeld-docker

Official Palo Alto Networks MineMeld docker

terraform-ansible-intro

Introduction to Terraform and Ansible

appframeworklab

Next Generation Firewall AWS Lab

gcp-two-tier

VM-Series templates for Google Cloud Platform

cn-series-deploy

A set of Terraform plans for deploying a Kubernetes cluster protected by a CN-Series containerize firewall

multicloud-automation-lab

Multi-Cloud Security Automation Lab

panos-bootstrapper

A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui

cn-series-helm

This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes

panos-bootstrapper-ui

PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.

azure-autoscaling

Azure autoscaling solution using VMSS

phoenix

Phoenix is a library based on bahamut to build hook servers.

addedeffect

Utils is a package that contains various shared utilities tools for Aporeto micro services

youtube-miner

MineMeld Miner for Youtube channels

Splunk-App-Data-Generator

Sample data generator for the Splunk for Palo Alto Networks app.

pan-os-php

Framework and utilities to easily manage and edit Palo Alto Network PANOS devices

Prisma-Cloud-DevOps-Security

pancloud-nodejs

Palo Alto Networks Application Framework NodeJS SDK

GCP-k8s-north-south-inspection-and-east-west-visibility

ciscoise-miner

Cisco ISE session miner using pxGrid bulk download REST API

midgard-lib

go client for Midgard authentication

prisma-cloud-scan

GitHub action to scan container images with Palo Alto Networks' Prisma Cloud

terraform-best-practices

A set of best practices to be followed when contributing to the Palo Alto Networks terraform modules

terraform-azurerm-vmseries-modules

Terraform Reusable Modules for VM-Series on Azure

terraform-iac-lab

Infrastructure as Code lab using Terraform and GCP

pan_google_next_istio_lab

This repo contains a lab which demonstrates the use of the Palo Alto Networks Security adapter for Istio

HomeSkillet

Simple 2-zone internet gateway configuration for home use

oidc-mock

Simple server to handle OIDC flow

microsoft_azure_virtual_wan

Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.

PAN_DUG

Dynamic User Group code for Palo Alto Networks devices

ignite2018-how16

repo for ignite 2018 hand on lab

XFF-to-User-ID-mapping

This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.

pan-python-tools

A collection of utilities that users of pan-python might find useful

prisma.pan.dev

The home of Developer docs for Prisma by Palo Alto Networks

PrismaCloud-Serverless-Syslog

Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS

PrismaCFNOnboarding

Cloudformation Script to onboard accounts to Redlock

AKS-k8s-north-south-inspection

pan-tort

Azure-interface-options

Azure VM-Series options including differing interfaces

Azure-FW-4-Interfaces-

Repo created to support the deployment of a 4 interface Palo Alto Networks firewall (1-MGMT and 3-Dataplane) into an existing Microsoft Azure environment.

Intel-Framework

Intel Importer

secops_ctf_scoreboard

alert_tags_acctgrp

Prisma Cloud alert csv output plus tags and account group names

iac-scan-rules

Skillets

Skillets is the default holding place for useful Panhandler skillets. These are usually smaller one-off bits that may not require their own repository. Feel free to add to this repository with your own Skillets via a PR.

Azure-HA-Deployment

This Azure HA Template Allows Launching an Additional VM-Series into a Resource Group.

minemeld-msgraph-secapi

MineMeld nodes for Microsoft Graph Security API

redlock-automation

gridmeld

Cisco ISE pxGrid to Palo Alto Networks MineMeld Gateway

OracleCloud

Sample Terraform template for deploying VM-Series on Oracle Cloud Infrastructure

pandevice-tutorial

Palo Alto Networks Device Framework Jupyter Notebook Tutorial

mtlsproxy

Simple mtls HTTPs proxy to use as a sidecar for protecting non critical services

pan_guard_duty

minemeld-taxii-ng

New TAXII Miner for MineMeld

aws-elbhelper

Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes

custom-imaging

Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions

ansible-lab

A hands-on lab showing how to use the PAN-OS Ansible modules.

prisma-cloud-go

Prisma Cloud SDK in Go

prisma-access-skillets

Suite of skillets for initial Prisma Access deployment and configuration

terraform-azurerm-panos-bootstrap

Creates a PAN-OS bootstrap package in Microsoft Azure.

prisma_cloud

Qwiklab-Prisma Cloud Compute: Securing GKE Run Time

skilletlib

Tools and base classes for working with Skillets. Issues and feature requests are tracked here: https://gitlab.com/panw-gse/as/skilletlib/-/issues

GCP-AutoScaling

Google Cloud Auto Scaling Available Now

panos.pan.dev

PAN-OS® for Developers site

aws-traffic-mirroring

Detect and respond to attacks in AWS by sending packets to VM-Series without putting the firewall inline

GPSkillets

GlobalProtect Quick Configs

istio

This repository contains the various integrations of the Palo Alto Networks Security adapter for Istio

SkilletBuilder

Docs and tutorial for Skillet template building

azure-availability-zone

Deploys the VM-Series in Azure into an Availability Zone

sfntools

Azure-FW-3-Interfaces-

Repo created to support the deployment of a 3 interface Palo Alto Networks firewall (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

azure-vm-monitoring

azure-new-v2

cisco-aci-devicepackage

Issue tracking for the Palo Alto Networks Cisco ACI Device Package

PANW-test-drive

a collection of scripts that make PaloAltoNetworks test drive

pan-os-php-windows-package

Windows package for framework PAN-OS-PHP

host-defender-token-refresher

qwiklabs

Palo Alto Networks Qwiklabs

tcpsession

A python library to extract TCP sessions from PCAPs.

cn-series-hackathon

iot-automated-solution

set of configuration, validation, and scripts for IoT deployment and traffic generation

prisma-cloud-ansible

Ansible collection for Prisma Cloud

terraform-aws-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in an AWS S3 bucket to be used for bootstrapping Palo Alto Networks VM-Series virtual firewall instances.

aws-eks

NetSecOpenSkillet

pan-custom-signatures

A group of custom vulnerability signatures from various authors.

rl_export_policies

Script for exporting RedLock policies and their associated RQL into a CSV output file.

ignite2019-how14

Repo for ignite how lab

cortex-security-guidelines

Partner Security Guidelines for Cortex Apps

vistoq

MSSP Demo Portal - Art of the Possible

pan-cnc

CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.

app-f-oauth2-shared

Application Frameworks OAUTH2 Shared Component implementation as a AWS Lambda Function

Azure-OutboundHA-StandardLB

pan_nlb_v1

This is the V1 (CFT) template to deploy an NLB architecture to AWS.

Azure-Bootstrap

multi-ip

firebreak-box

firebreak: Fight fire with WildFire

prisma-cloud-compute-go

Prisma Cloud Compute SDK in Go

panos-query-scripts

scripts to query information from a PAN-OS NGFW

cis-benchmarks

CIS benchmark quickplay for rapid assessments of the NGFW

ps-regional-2021-aws-labs

Materials for PS Regional Training AWS lab

RegionalTrainings2021

ibmcloud-panorama

PANW Panorama Terraform template for IBM Cloud deployments

ibmcloud-vmseries

PANW VM-Series FW Terraform template for IBM Cloud

Palo-Azure-SACA

SCCA implementation for Palo Alto Networks on Azure

cn-series-hackathon-helm

Modified version of the CN-Series-Helm Repo. This will only create 1 MP.

terraform-panos-dag-nia

sdwan

SD-WAN configuration templates

terraform-iac-demo

IaC demo using Terraform Cloud

aws-ha-cft

For use with AWS HA Improvements

community-health-test5

test

skillet_ansible

Ansible collection for Skillets

cn-series-lab

CN-Series Qwiklab

advanced_deployment

VM-Series Advanced Deployment for GCP Qwiklab

prisma-cloud-compute

Splunk-Docs

Source for the documentation of the Splunk App and Add-on

aws_security_hub

Integration of IOC from AWS Security Hub with the VM-Series Firewall

pan-cortex-xdr-nodejs

NodeJS / Javascript / TypeScript language binding for the XDR PRO API

Server-Hardening-Signatures

Signatures for Palo Alto Networks to detect improperly hardened servers

passport-cortex

A PassportJS strategy for Palo Alto Networks Cortex

cortex.pan.dev

Cortex® for Developers

pan.dev

Palo Alto Networks for Developers

remod

Easier go modules developer workflow

minemeld-prisma-access

Miner for Prisma Access API

.github

Default community health files for all Palo Alto Networks public repositories

K12Skillet

The K-12 Skillet is indented for K-12 educational deployment configuration of the Palo Alto Networks NGFW

pan-talon

Reports and tools for performing various assessments

ansible-role-spatula

This Ansible role applies security best practice templates to Palo Alto Networks devices.

Example_Skillets

A collection of Example Skillets including terraform, REST, python, and PAN-OS skillets

GCP-VM-Series-k8s-Prisma-Cloud-API

Deploys k8s cluster, VM-Series for N/S and E/W inspection and guides the use of the Prisma Cloud API scan of Manifest

azure-aks

Azure Kubernetes Service Security Solution

gcp_marketplace_istio_adapter

This repo contains the configuration files to build and deploy the Palo Alto Networks Istio adapter into the GCP/Kubernetes market place

pan_aws_security_hub

This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.

minemeld-wd-atp

MineMeld nodes for MSFT WD ATP API

ignite18-GCP-Labs

gcp_terraform_ignite2018

This repo contains Terraform templates to deploy a PAN VM-Series FW into GCP.

cloud-automation-demo

This repo enables you to perform cloud automation demos using Terraform or Ansible

wildcardip-miner

MineMeld Miner extension to expand IPv4 wildcards into list of corresponding CDIR's

AzureNSG

Update Azure NSG to quarantine hosts based upon trigger from FW threat log

Azure-China

Azure China solution template

azure-load-balancer2

minemeld-cef

MineMeld Output node for CEF format

azure-load-balancer1

azure-vnet

SyncServiceNow

A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.

pcd

prisma_cloud_qwiklabs

ironskillet-components

IronSkillet sub-snippets used to create loadable configurations as playlists that may only use select configuration elements

ibmcloud-cn-series

This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes in IBM Cloud

terraform-provider-prismacloudcompute

Terraform provider for Prisma Cloud Compute

azure-terraform-vmseries-fast-ha-failover

Azure Load Balancer and HA Combined Deployment for Faster Failover with no API Calls

AWSOrchBeta

cn-series-as-service-lab

Alicloud-LB-Sandwich

This template deploys two VM-Series firewalls in a Load-Balancer Sandwich architecture in Alibaba Cloud using the VM-Series 10.0.3 image on Alibaba Cloud Marketplace.

qwiklabs-cn-v2

cn-series-lab-v2

panos-set-additional-threat-log

In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.

yang

qwiklabs-autoscale

GWLB-TGW-Hackathon

Fork of David Spears TGW-GWLB demo to use with CloudShare

panos-ansible-upgrade-downgrade

Ansible playbook to license the NGFW, install content updates, and install the required software version

Compare-CSV-Accounts-To-PCS-Tenant

Utilize a CSV list of accounts to see if a list of accounts exists in a Prisma Cloud tenant

Alibaba-deploy-NGFW-from-MarketPlace

pcs-alert-rpt-email

Generates alert report via email - reporting on top risks in last 24 hrs, top high risks and all risks, then breakdown by account. Also top 5 policies by count.

ibmcloud

GSP490

Qwiklab- Palo Alto Networks VM-Series Firewall: Securing the GKE Perimeter

security-as-code-qwiklab

sac-lab

terraform-panos-ag-dag-nia

prismacloud_sqs_to_syslog

Prisma Cloud SQS poller to syslog

PrismaCloud-AcctGrps-Labels

prisma-cloud-circleci-orb

panorama-orchestration

panos-logging-skillets

Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments

Prisma_Cloud_AWS_Onboard

Azure-HA-AutoLaunch

Auto Launch templates for Azure HA

prisma-cloud-defender

AccountGroupUpdate

transfer-go-dependency

autoscale

VM-Series AutoScale Qwiklab

PublicSector

Resources for World Wide Public Sector customers

splunkdev-watchman

A docker image to reload Splunk apps on changes during Splunk app development

pan-cortex-hub-java

Palo Alto Networks Cortex hub client library

pan-cortex-hub-nodejs

Palo Alto Networks Cortex hub client library

pan-cortex-data-lake-java

Palo Alto Networks Cortex Data Lake client library

pan-cortex-data-lake-nodejs

Palo Alto Networks Cortex Data Lake client library

terraform-google-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in a Google Cloud Storage bucket.

panw-gse.skillets

Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets

kafka-exporter-example

Kafka exporter based on events exporter code

TrafficTest

testing traffic

onboard_aws_prisma

squidproxy

This repository contains squid proxy patch to make it work with the decryption broker feature. This repo also has a brief documentation about how to make squid proxy work with decryption broker feature in order to send traffic to an ICAP server for inspection.

AWS-TGW-Panorama-bootstrap

BlackHat

Code for Black Hat Projects

GPCSskillets

Onboarding and configuration skillets for GPCS

MobileSkillet

Mobile configuration templates to create logging for safenetworking

ansible-role-vmware-dagger

An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.

mssp-templates

repeatable jinja templates for mssp services

ansible-role-entrapment

An Ansible role for deploying the Palo Alto Networks Traps agent

pan-tort-source

Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.

ignite18-multicloud-automation

Multi-Cloud Automation HOW

fqdn-service

FQDN Serverless Service

AzureStack

Sample template for deploying VM-Series for AzureStack

pancloud-tutorial

PAN Cloud Python SDK Tutorial

automation-utility-vm

Packer and Ansible project to build an automation utility vm

azure-germany

nuage-connector

minemeld-threatconnect

MineMeld extension for ThreatConnect

APIC-EPG-DAG-Update

Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.

AWSSG

Update AWS SG to quarantine hosts based upon trigger from FW threat log Edit Add topics

budapest-beta

Templates and such for VM-Series' PAN-OS 8.1 (aka Budapest) beta in public clouds (AWS, Azure, Google Cloud)

Azure-China-7.1.1

Networking-Scripts

Networking Scripts

nsx-ngfw-version-match

Upgrade all NSX-based VM-1000-HV firewalls to the same version

cfn-vm-series-helper-demo

demo demo