The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.
Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls
Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
This repository contains CFT and TF templates for deploying VM-Series Firewalls behind AWS Gateway Load Balancer
A collection of technical and sales resources related to Prisma Cloud Compute and Prisma Cloud Enterprise created for the PANW Channel Partner Ecosystem and other engineers working with the solution
Test whether a container environment is vulnerable to container escapes via CVE-2022-0492
Create custom auto-remediation solutions using serverless functions in the cloud.
The Prisma Cloud CLI is a command line interface for Prisma Cloud by Palo Alto Networks.
A set of best practices to be followed when contributing to the Palo Alto Networks terraform modules
Scale out security for web deployments using VM-Series firewalls and Azure Application Gateway web load balancer
Example scripts, snippets, and other documents related to Prisma Cloud Compute
The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.
Go library to perform CRUD operations on an Elemental model with multiple backend implementations
A set of Terraform plans for deploying a Kubernetes cluster protected by a CN-Series containerize firewall
Terraform Reusable Modules for VM-Series on Google Cloud Platform (GCP)
This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes
A collection of pre-installed tools commonly used with Palo Alto Networks products packaged as a Docker container
Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS
Script for pulling events from a MISP database and converting them to Autofocus queries.
A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui
PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.
Utils is a package that contains various shared utilities tools for Aporeto micro services
Azure Load Balancer and HA Combined Deployment for Faster Failover with no API Calls
Skillets is the default holding place for useful Panhandler skillets. These are usually smaller one-off bits that may not require their own repository. Feel free to add to this repository with your own Skillets via a PR.
This Azure HA Template Allows Launching an Additional VM-Series into a Resource Group.
Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.
This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.
A set of tutorials to learn how to automate various Prisma Cloud tasks.
This repo contains a lab which demonstrates the use of the Palo Alto Networks Security adapter for Istio
Prerequisites Lab for Palo Alto Networks Professional Service Public Cloud Workshop
Ansible playbook to license the NGFW, install content updates, and install the required software version
This Terraform Module creates a PAN-OS bootstrap package in an AWS S3 bucket to be used for bootstrapping Palo Alto Networks VM-Series virtual firewall instances.
Tools and base classes for working with Skillets. Issues and feature requests are tracked here: https://gitlab.com/panw-gse/as/skilletlib/-/issues
Tool to migration Prisma Cloud Compute Consoles through the use of the Prisma Cloud API
Build & secure a Google Cloud hub-and-spoke architecture with VM-Series.
A python framework to use the Prisma Access API to configure Cloud Managed
Reading large amounts of log files is difficult. These Sublime Text files help highlight events in the log files.
Python script for migrating Prisma Cloud Tenants and for syncing changes across all managed Tenants.
Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions
Detect and respond to attacks in AWS by sending packets to VM-Series without putting the firewall inline
Qwiklab setup scripts for deploy Zero Trust lab with Palo Alto Networks VM-Series Firewall
set of configuration, validation, and scripts for IoT deployment and traffic generation
This Ansible role applies security best practice templates to Palo Alto Networks devices.
A collection of Example Skillets including terraform, REST, python, and PAN-OS skillets
This repository contains the various integrations of the Palo Alto Networks Security adapter for Istio
Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.
Terraform tutorial detailing how to deploy Active/Passive VM-Series with session sync in Google Cloud.
Terraform modules that leverage the Palo Alto Networks Prisma SASE Terraform Provider
Python Script for Prisma Cloud CSPM to run RQL queries and record results in a CSV file
Palo Alto Networks PAN-OS Dynamic Address Group (DAG) Tags Module for Network Infrastructure Automation (NIA)
The K-12 Skillet is indented for K-12 educational deployment configuration of the Palo Alto Networks NGFW
Script for exporting Prisma Cloud policies and their associated RQL into a CSV output file.
CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.
Application Frameworks OAUTH2 Shared Component implementation as a AWS Lambda Function
Unit 42 repository hosting packet captures (pcaps) for our series of Wireshark tutorials
Gathers information from PANW automation GitHub repos to build documentation for pan.dev
This repository is for automating the deployment of a hybrid multi cloud environment using terraform.
A repository to store custom policy examples that do not belong as out-of-the-box policies for Code Security.
A Terraform provider for the declarative management of Prisma Cloud Web Application & API Security (WAAS) policies
A demonstration of using the Wildfire API to scan files uploaded to a Google Cloud Storage bucket to determine if they are malicious or benign.
IronSkillet sub-snippets used to create loadable configurations as playlists that may only use select configuration elements
Utilize a CSV list of accounts to see if a list of accounts exists in a Prisma Cloud tenant
This Terraform Module creates a PAN-OS bootstrap package in a Google Cloud Storage bucket.
Deploys k8s cluster, VM-Series for N/S and E/W inspection and guides the use of the Prisma Cloud API scan of Manifest
This repo contains the configuration files to build and deploy the Palo Alto Networks Istio adapter into the GCP/Kubernetes market place
This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.
This repo contains Terraform templates to deploy a PAN VM-Series FW into GCP.
This repo enables you to perform cloud automation demos using Terraform or Ansible
A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.
The pcs-inspect.py script queries the Prisma Cloud API for all enabled Policies and for all Alerts within a Relative Time Range (with a default of one month) for a Tenant
This template deploys two VM-Series firewalls in HA with HAVIP in one Availability Zone (AZ) and a single firewall in another AZ. Failover is controlled by a Function Compute script
Secure many VPC networks using VM-Series within the Google Cloud multi-hub and spoke design.
Python3 tool for automatically dismissing alerts in Prisma Cloud for a deleted cloud account
Qwiklab setup scripts for deploy Zero Trust lab with Palo Alto Networks CN-Series Firewall
Proxy application for ingesting into Azure sentinel from Cortex Data Lake
This script will run RQL search and take the results and format them into CSV (based on current CSV output on Investigate page)
This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes in IBM Cloud
This template deploys two VM-Series firewalls in a Load-Balancer Sandwich architecture in Alibaba Cloud using the VM-Series (10.0.3 or 11.0.0) images on Alibaba Cloud Marketplace
In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.
Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments
Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets
This repository contains squid proxy patch to make it work with the decryption broker feature. This repo also has a brief documentation about how to make squid proxy work with decryption broker feature in order to send traffic to an ICAP server for inspection.
An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.
Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.
Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.