WireLurkerDetector

Script for detecting the WireLurker malware family

minemeld

Main MineMeld documentation repo

ansible-pan

Ansible modules for Palo Alto Networks NGFWs

pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

minemeld-core

Engine of MineMeld

iron-skillet

IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.

terraform-templates

This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls

azure

VM-Series ARM Templates for Microsoft Azure

Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

pan-os-ansible

Ansible collection for PAN-OS

aws-elb-autoscaling

Auto Scaling VM-Series firewalls in AWS

aws

VM-Series for Amazon Web Services

minemeld-ansible

Ansible playbook for installing MineMeld on Linux

InstallerHijackingVulnerabilityScanner

research-notes

aws-transit-vpc

automated AWS transit vpc

minemeld-webui

WebUI of MineMeld

terraform-provider-panos

Terraform Panos provider

pango

pango is the underlying library for the Palo Alto Networks Terraform provider

minemeld-node-prototypes

Prototypes for MineMeld nodes

TransitGatewayDeployment

Creates a Transit Gateway with two server VPCs and a security VPC

pan-cortex-data-lake-python

Python idiomatic SDK for Cortex™ Data Lake.

evident-custom-signatures

Evident Security Platform Custom Signatures Samples

panhandler

Panhandler is a tool to manage config snippets and Skillets for PAN-OS devices

pan-fca

Flexible Cloud Automation

report_to_misp

Parse a report and import the events into MISP

autofocus-lenz

A command line utility to aid in using autofocus for IR and research

azure-applicationgateway

Scale out security for web deployments using VM-Series firewalls and Azure Application Gateway web load balancer

ansible-playbooks

Sample playbooks for the Palo Alto Networks Ansible modules.

ReferenceArchitectures

Palo Alto Networks Reference Architectures

gaia

Aporeto API (Elemental model)

Prisma-Enhanced-Remediation

Create custom auto-remediation solutions using serverless functions in the cloud.

evident-automation

Evident Security Platform Automation

minemeld-misp

MineMeld nodes for MISP

autofocus-client-library

A python client library for interfacing with the autofocus rest services

pan-stix

pan-stix

Azure-Transit-VNet

Azure security with VM-Series in a hub-and-spoke architecture

openstack-templates

VM-Series Firewalls on OpenStack

Kubernetes

Repository for Palo Alto Networks Kubernetes Security - CN Series.

Splunk_TA_paloalto

The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.

pantools

A collection of pre-installed tools commonly used with Palo Alto Networks products packaged as a Docker container

terraform-provider-prismacloud-orig

Terraform provider for Prisma Cloud

SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->

misp-to-autofocus

Script for pulling events from a MISP database and converting them to Autofocus queries.

pyjarm

pyJARM is a library for doing JARM fingerprinting using python

prisma-cloud-policies

PCS Policies Release Notice

aws-alb-sandwich

AWS ALB Sandwich with VM-Series

pcs-postman

Postman collections for Prisma Cloud

GCP-Terraform-Samples

minemeld-docker

Official Palo Alto Networks MineMeld docker

gcp-two-tier

VM-Series templates for Google Cloud Platform

terraform-ansible-intro

Introduction to Terraform and Ansible

terraform-provider-prismacloud

Terraform PrismaCloud provider

reference_architecture_automation

Terraform, Ansible, and Python scripts that implement Palo Alto Networks Reference Architectures through automation.

panos-bootstrapper-ui

PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.

panos-bootstrapper

A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui

appframeworklab

Next Generation Firewall AWS Lab

azure-autoscaling

Azure autoscaling solution using VMSS

Splunk-App-Data-Generator

Sample data generator for the Splunk for Palo Alto Networks app.

pcs-sizing-scripts

Prisma Cloud sizing scripts

cn-series-deploy

A set of Terraform plans for deploying a Kubernetes cluster protected by a CN-Series containerize firewall

cn-series-helm

This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes

multicloud-automation-lab

Multi-Cloud Security Automation Lab

GCP-k8s-north-south-inspection-and-east-west-visibility

ciscoise-miner

Cisco ISE session miner using pxGrid bulk download REST API

youtube-miner

MineMeld Miner for Youtube channels

AWS-GWLB-VMSeries

This repository contains CFT and TF templates for deploying VM-Series Firewalls behind AWS Gateway Load Balancer

PrismaCloud_TF_BulkOnboarding_and_AWS_Orgs

pan_google_next_istio_lab

This repo contains a lab which demonstrates the use of the Palo Alto Networks Security adapter for Istio

pancloud-nodejs

Palo Alto Networks Application Framework NodeJS SDK

PAN_DUG

Dynamic User Group code for Palo Alto Networks devices

ignite2018-how16

repo for ignite 2018 hand on lab

XFF-to-User-ID-mapping

This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.

pan-python-tools

A collection of utilities that users of pan-python might find useful

terraform-iac-lab

Infrastructure as Code lab using Terraform and GCP

Prisma-Cloud-DevOps-Security

PrismaCloud-Serverless-Syslog

Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS

HomeSkillet

Simple 2-zone internet gateway configuration for home use

AKS-k8s-north-south-inspection

microsoft_azure_virtual_wan

Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.

Azure-interface-options

Azure VM-Series options including differing interfaces

Azure-FW-4-Interfaces-

Repo created to support the deployment of a 4 interface Palo Alto Networks firewall (1-MGMT and 3-Dataplane) into an existing Microsoft Azure environment.

Intel-Framework

Intel Importer

secops_ctf_scoreboard

alert_tags_acctgrp

Prisma Cloud alert csv output plus tags and account group names

Azure-HA-Deployment

This Azure HA Template Allows Launching an Additional VM-Series into a Resource Group.

minemeld-msgraph-secapi

MineMeld nodes for Microsoft Graph Security API

redlock-automation

gridmeld

Cisco ISE pxGrid to Palo Alto Networks MineMeld Gateway

OracleCloud

Sample Terraform template for deploying VM-Series on Oracle Cloud Infrastructure

pan-tort

pan_guard_duty

minemeld-taxii-ng

New TAXII Miner for MineMeld

terraform-best-practices

A set of best practices to be followed when contributing to the Palo Alto Networks terraform modules

ansible-lab

A hands-on lab showing how to use the PAN-OS Ansible modules.

GCP-AutoScaling

Google Cloud Auto Scaling Available Now

panos.pan.dev

PAN-OS® for Developers site

aws-traffic-mirroring

Detect and respond to attacks in AWS by sending packets to VM-Series without putting the firewall inline

PrismaCFNOnboarding

Cloudformation Script to onboard accounts to Redlock

GPSkillets

GlobalProtect Quick Configs

istio

This repository contains the various integrations of the Palo Alto Networks Security adapter for Istio

SkilletBuilder

Docs and tutorial for Skillet template building

Skillets

Skillets is the default holding place for useful Panhandler skillets. These are usually smaller one-off bits that may not require their own repository. Feel free to add to this repository with your own Skillets via a PR.

azure-availability-zone

Deploys the VM-Series in Azure into an Availability Zone

terraform-aws-panos-module

Terraform Module to Deploy PAN-OS firewall to AWS

pandevice-tutorial

Palo Alto Networks Device Framework Jupyter Notebook Tutorial

sfntools

Azure-FW-3-Interfaces-

Repo created to support the deployment of a 3 interface Palo Alto Networks firewall (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

azure-vm-monitoring

azure-new-v2

cisco-aci-devicepackage

Issue tracking for the Palo Alto Networks Cisco ACI Device Package

PANW-test-drive

a collection of scripts that make PaloAltoNetworks test drive

aws-elbhelper

Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes

qwiklabs

Palo Alto Networks Qwiklabs

tcpsession

A python library to extract TCP sessions from PCAPs.

custom-imaging

Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions

prisma-cloud-go

Prisma Cloud SDK in Go

prisma-access-skillets

Suite of skillets for initial Prisma Access deployment and configuration

terraform-azurerm-panos-bootstrap

Creates a PAN-OS bootstrap package in Microsoft Azure.

skilletlib

Tools and base classes for working with Skillets. Issues and feature requests are tracked here: https://gitlab.com/panw-gse/as/skilletlib/-/issues

iac-scan-rules

aws-eks

NetSecOpenSkillet

pan-custom-signatures

A group of custom vulnerability signatures from various authors.

ignite2019-how14

Repo for ignite how lab

vistoq

MSSP Demo Portal - Art of the Possible

pan-cnc

CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.

app-f-oauth2-shared

Application Frameworks OAUTH2 Shared Component implementation as a AWS Lambda Function

Azure-OutboundHA-StandardLB

pan_nlb_v1

This is the V1 (CFT) template to deploy an NLB architecture to AWS.

Azure-Bootstrap

multi-ip

firebreak-box

firebreak: Fight fire with WildFire

RegionalTrainings2021

Palo-Azure-SACA

SCCA implementation for Palo Alto Networks on Azure

terraform-panos-dag-nia

sdwan

SD-WAN configuration templates

terraform-iac-demo

IaC demo using Terraform Cloud

iot-automated-solution

set of configuration, validation, and scripts for IoT deployment and traffic generation

aws-ha-cft

For use with AWS HA Improvements

community-health-test5

test

cn-series-lab

CN-Series Qwiklab

advanced_deployment

VM-Series Advanced Deployment for GCP Qwiklab

prisma-cloud-compute

prisma-cloud-ansible

Ansible collection for Prisma Cloud

aws_security_hub

Integration of IOC from AWS Security Hub with the VM-Series Firewall

terraform-aws-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in an AWS S3 bucket to be used for bootstrapping Palo Alto Networks VM-Series virtual firewall instances.

Server-Hardening-Signatures

Signatures for Palo Alto Networks to detect improperly hardened servers

prisma.pan.dev

prisma_cloud

Qwiklab-Prisma Cloud Compute: Securing GKE Run Time

passport-cortex

A PassportJS strategy for Palo Alto Networks Cortex

minemeld-prisma-access

Miner for Prisma Access API

.github

Default community health files for all Palo Alto Networks public repositories

K12Skillet

The K-12 Skillet is indented for K-12 educational deployment configuration of the Palo Alto Networks NGFW

pan-talon

Reports and tools for performing various assessments

ansible-role-spatula

This Ansible role applies security best practice templates to Palo Alto Networks devices.

Example_Skillets

A collection of Example Skillets including terraform, REST, python, and PAN-OS skillets

GCP-VM-Series-k8s-Prisma-Cloud-API

Deploys k8s cluster, VM-Series for N/S and E/W inspection and guides the use of the Prisma Cloud API scan of Manifest

azure-aks

Azure Kubernetes Service Security Solution

cortex-security-guidelines

Partner Security Guidelines for Cortex Apps

pan_aws_security_hub

This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.

minemeld-wd-atp

MineMeld nodes for MSFT WD ATP API

ignite18-GCP-Labs

gcp_terraform_ignite2018

This repo contains Terraform templates to deploy a PAN VM-Series FW into GCP.

cloud-automation-demo

This repo enables you to perform cloud automation demos using Terraform or Ansible

wildcardip-miner

MineMeld Miner extension to expand IPv4 wildcards into list of corresponding CDIR's

AzureNSG

Update Azure NSG to quarantine hosts based upon trigger from FW threat log

Azure-China

Azure China solution template

azure-load-balancer2

minemeld-cef

MineMeld Output node for CEF format

azure-load-balancer1

azure-vnet

SyncServiceNow

A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.

panos-query-scripts

scripts to query information from a PAN-OS NGFW

cis-benchmarks

test repo for CIS audits

ps-regional-2021-aws-labs

Materials for PS Regional Training AWS lab

ibmcloud-panorama

PANW Panorama Terraform template for IBM Cloud deployments

ibmcloud-vmseries

PANW VM-Series FW Terraform template for IBM Cloud

Alibaba-deploy-NGFW-from-MarketPlace

host-defender-token-refresher

pcs-alert-rpt-email

Generates alert report via email - reporting on top risks in last 24 hrs, top high risks and all risks, then breakdown by account. Also top 5 policies by count.

cn-series-hackathon-helm

Modified version of the CN-Series-Helm Repo. This will only create 1 MP.

ibmcloud

cn-series-hackathon

GSP490

Qwiklab- Palo Alto Networks VM-Series Firewall: Securing the GKE Perimeter

security-as-code-qwiklab

sac-lab

terraform-panos-ag-dag-nia

prismacloud_sqs_to_syslog

PrismaCloud-AcctGrps-Labels

prisma-cloud-circleci-orb

panorama-orchestration

panos-logging-skillets

Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments

Prisma_Cloud_AWS_Onboard

Azure-HA-AutoLaunch

Auto Launch templates for Azure HA

prisma-cloud-defender

AccountGroupUpdate

skillet_ansible

Ansible collection for Skillets

transfer-go-dependency

autoscale

VM-Series AutoScale Qwiklab

PublicSector

Resources for World Wide Public Sector customers

Splunk-Docs

Source for the documentation of the Splunk App and Add-on

pan-cortex-xdr-nodejs

NodeJS / Javascript / TypeScript language binding for the XDR PRO API

splunkdev-watchman

A docker image to reload Splunk apps on changes during Splunk app development

pan-cortex-hub-java

Palo Alto Networks Cortex hub client library

pan-cortex-hub-nodejs

Palo Alto Networks Cortex hub client library

pan-cortex-data-lake-java

Palo Alto Networks Cortex Data Lake client library

pan-cortex-data-lake-nodejs

Palo Alto Networks Cortex Data Lake client library

terraform-google-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in a Google Cloud Storage bucket.

panw-gse.skillets

Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets

TrafficTest

testing traffic

onboard_aws_prisma

squidproxy

This repository contains squid proxy patch to make it work with the decryption broker feature. This repo also has a brief documentation about how to make squid proxy work with decryption broker feature in order to send traffic to an ICAP server for inspection.

cortex.pan.dev

Cortex® for Developers

pan.dev

Palo Alto Networks for Developers

AWS-TGW-Panorama-bootstrap

BlackHat

Code for Black Hat Projects

GPCSskillets

Onboarding and configuration skillets for GPCS

rl_export_policies

Script for exporting RedLock policies and their associated RQL into a CSV output file.

gcp_marketplace_istio_adapter

This repo contains the configuration files to build and deploy the Palo Alto Networks Istio adapter into the GCP/Kubernetes market place

MobileSkillet

Mobile configuration templates to create logging for safenetworking

ansible-role-vmware-dagger

An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.

mssp-templates

repeatable jinja templates for mssp services

ansible-role-entrapment

An Ansible role for deploying the Palo Alto Networks Traps agent

pan-tort-source

Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.

ignite18-multicloud-automation

Multi-Cloud Automation HOW

fqdn-service

FQDN Serverless Service

AzureStack

Sample template for deploying VM-Series for AzureStack

pancloud-tutorial

PAN Cloud Python SDK Tutorial

automation-utility-vm

Packer and Ansible project to build an automation utility vm

azure-germany

nuage-connector

minemeld-threatconnect

MineMeld extension for ThreatConnect

APIC-EPG-DAG-Update

Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.

AWSSG

Update AWS SG to quarantine hosts based upon trigger from FW threat log Edit Add topics

budapest-beta

Templates and such for VM-Series' PAN-OS 8.1 (aka Budapest) beta in public clouds (AWS, Azure, Google Cloud)

Azure-China-7.1.1

Networking-Scripts

Networking Scripts

nsx-ngfw-version-match

Upgrade all NSX-based VM-1000-HV firewalls to the same version

cfn-vm-series-helper-demo

demo demo