WireLurkerDetector

Script for detecting the WireLurker malware family

minemeld

Main MineMeld documentation repo

ansible-pan

Ansible modules for Palo Alto Networks NGFWs

pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

minemeld-core

Engine of MineMeld

iron-skillet

IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.

terraform-templates

This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls

azure

VM-Series ARM Templates for Microsoft Azure

Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.

aws-elb-autoscaling

Auto Scaling VM-Series firewalls in AWS

minemeld-ansible

Ansible playbook for installing MineMeld on Linux

InstallerHijackingVulnerabilityScanner

aws

VM-Series for Amazon Web Services

pan-os-ansible

Ansible collection for PAN-OS

aws-transit-vpc

automated AWS transit vpc

minemeld-webui

WebUI of MineMeld

terraform-provider-panos

Terraform Panos provider

minemeld-node-prototypes

Prototypes for MineMeld nodes

evident-custom-signatures

Evident Security Platform Custom Signatures Samples

pan-cortex-data-lake-python

Python idiomatic SDK for Cortex™ Data Lake.

pango

pango is the underlying library for the Palo Alto Networks Terraform provider

pan-fca

Flexible Cloud Automation

panhandler

Panhandler is a tool to manage config snippets and Skillets for PAN-OS devices

TransitGatewayDeployment

Creates a Transit Gateway with two server VPCs and a security VPC

autofocus-lenz

A command line utility to aid in using autofocus for IR and research

report_to_misp

Parse a report and import the events into MISP

azure-applicationgateway

Scale out security for web deployments using VM-Series firewalls and Azure Application Gateway web load balancer

evident-automation

Evident Security Platform Automation

gaia

Aporeto API (Elemental model)

pan-stix

pan-stix

ReferenceArchitectures

Palo Alto Networks Reference Architectures

minemeld-misp

MineMeld nodes for MISP

autofocus-client-library

A python client library for interfacing with the autofocus rest services

Azure-Transit-VNet

Azure security with VM-Series in a hub-and-spoke architecture

openstack-templates

VM-Series Firewalls on OpenStack

Splunk_TA_paloalto

The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.

Kubernetes

Repository for Palo Alto Networks Kubernetes Security - CN Series.

pantools

A collection of pre-installed tools commonly used with Palo Alto Networks products packaged as a Docker container

terraform-provider-prismacloud-orig

Terraform provider for Prisma Cloud

SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->

misp-to-autofocus

Script for pulling events from a MISP database and converting them to Autofocus queries.

ansible-playbooks

Sample playbooks for the Palo Alto Networks Ansible modules.

aws-alb-sandwich

AWS ALB Sandwich with VM-Series

gcp-two-tier

VM-Series templates for Google Cloud Platform

minemeld-docker

Official Palo Alto Networks MineMeld docker

terraform-ansible-intro

Introduction to Terraform and Ansible

appframeworklab

Next Generation Firewall AWS Lab

Splunk-App-Data-Generator

Sample data generator for the Splunk for Palo Alto Networks app.

research-notes

panos-bootstrapper-ui

PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.

GCP-k8s-north-south-inspection-and-east-west-visibility

ciscoise-miner

Cisco ISE session miner using pxGrid bulk download REST API

youtube-miner

MineMeld Miner for Youtube channels

cn-series-helm

This repo is for deploying CN-series firewall using Helm Package Manager for Kubernetes

PrismaCloud_TF_BulkOnboarding_and_AWS_Orgs

Prisma-Cloud-DevOps-Security

pan_google_next_istio_lab

This repo contains a lab which demonstrates the use of the Palo Alto Networks Security adapter for Istio

multicloud-automation-lab

Multi-Cloud Security Automation Lab

PAN_DUG

Dynamic User Group code for Palo Alto Networks devices

panos-bootstrapper

A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui

pan-python-tools

A collection of utilities that users of pan-python might find useful

AKS-k8s-north-south-inspection

microsoft_azure_virtual_wan

Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.

azure-autoscaling

Azure autoscaling solution using VMSS

Azure-interface-options

Azure VM-Series options including differing interfaces

pan_guard_duty

Intel-Framework

Intel Importer

pcs-policy-notice

PCS Policies Release Notice

reference_architecture_automation

Terraform, Ansible, and Python scripts that implement Palo Alto Networks Reference Architectures through automation.

terraform-iac-lab

Infrastructure as Code lab using Terraform and GCP

GCP-Terraform-Samples

Prisma-CloudFunction-Syslog

Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS

HomeSkillet

Simple 2-zone internet gateway configuration for home use

minemeld-msgraph-secapi

MineMeld nodes for Microsoft Graph Security API

redlock-automation

gridmeld

Cisco ISE pxGrid to Palo Alto Networks MineMeld Gateway

OracleCloud

Sample Terraform template for deploying VM-Series on Oracle Cloud Infrastructure

pancloud-nodejs

Palo Alto Networks Application Framework NodeJS SDK

ignite2018-how16

repo for ignite 2018 hand on lab

pan-tort

XFF-to-User-ID-mapping

This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.

minemeld-taxii-ng

New TAXII Miner for MineMeld

Azure-FW-4-Interfaces-

Repo created to support the deployment of a 4 interface Palo Alto Networks firewall (1-MGMT and 3-Dataplane) into an existing Microsoft Azure environment.

cn-series-deploy

A set of Terraform plans for deploying a Kubernetes cluster protected by a CN-Series containerize firewall

secops_ctf

aws-traffic-mirroring

Detect and respond to attacks in AWS by sending packets to VM-Series without putting the firewall inline

PrismaCFNOnboarding

Cloudformation Script to onboard accounts to Redlock

GPSkillets

GlobalProtect Quick Configs

istio

This repository contains the various integrations of the Palo Alto Networks Security adapter for Istio

Skillets

Skillets is the default holding place for useful Panhandler skillets. These are usually smaller one-off bits that may not require their own repository. Feel free to add to this repository with your own Skillets via a PR.

terraform-aws-panos-module

Terraform Module to Deploy PAN-OS firewall to AWS

pandevice-tutorial

Palo Alto Networks Device Framework Jupyter Notebook Tutorial

Azure-FW-3-Interfaces-

Repo created to support the deployment of a 3 interface Palo Alto Networks firewall (1-MGMT and 2-Dataplane) into an existing Microsoft Azure environment.

azure-vm-monitoring

cisco-aci-devicepackage

Issue tracking for the Palo Alto Networks Cisco ACI Device Package

PANW-test-drive

a collection of scripts that make PaloAltoNetworks test drive

aws-elbhelper

Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes

ansible-lab

A hands-on lab showing how to use the PAN-OS Ansible modules.

advanced_deployment

VM-Series Advanced Deployment for GCP Qwiklab

alert_tags_acctgrp

Prisma Cloud alert csv output plus tags and account group names

skilletlib

Tools and base classes for working with Skillets

GCP-AutoScaling

Google Cloud Auto Scaling Available Now

panos.pan.dev

PAN-OS® for Developers site

aws-eks

NetSecOpenSkillet

pan-custom-signatures

A group of custom vulnerability signatures from various authors.

ignite2019-how14

Repo for ignite how lab

SkilletBuilder

Docs and tutorial for Skillet template building

Azure-HA-Deployment

This Azure HA Template Allows Launching an Additional VM-Series into a Resource Group.

vistoq

MSSP Demo Portal - Art of the Possible

pan-cnc

CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.

azure-availability-zone

Deploys the VM-Series in Azure into an Availability Zone

app-f-oauth2-shared

Application Frameworks OAUTH2 Shared Component implementation as a AWS Lambda Function

Azure-OutboundHA-StandardLB

sfntools

pan_nlb_v1

This is the V1 (CFT) template to deploy an NLB architecture to AWS.

Azure-Bootstrap

multi-ip

azure-new-v2

firebreak-box

firebreak: Fight fire with WildFire

PrismaCloud-AcctGrps-Labels

sdwan

SD-WAN configuration templates

terraform-iac-demo

IaC demo using Terraform Cloud

aws-ha-cft

For use with AWS HA Improvements

community-health-test5

test

Prisma-Enhanced-Remediation

Create custom auto-remediation solutions using serverless functions in the cloud.

custom-imaging

Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions

prisma-cloud-compute

aws_security_hub

Integration of IOC from AWS Security Hub with the VM-Series Firewall

prisma-cloud-go

Prisma Cloud SDK in Go

Assassin

What can a potential attacker know about you without being alerted to their recon? Assassin can help you find out.

prisma-access-skillets

Suite of skillets for initial Prisma Access deployment and configuration

terraform-aws-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in an AWS S3 bucket to be used for bootstrapping Palo Alto Networks VM-Series virtual firewall instances.

Server-Hardening-Signatures

Signatures for Palo Alto Networks to detect improperly hardened servers

passport-cortex

A PassportJS strategy for Palo Alto Networks Cortex

minemeld-prisma-access

Miner for Prisma Access API

.github

Default community health files for all Palo Alto Networks public repositories

K12Skillet

The K-12 Skillet is indented for K-12 educational deployment configuration of the Palo Alto Networks NGFW

iac-scan-rules

pan-talon

Reports and tools for performing various assessments

ansible-role-spatula

This Ansible role applies security best practice templates to Palo Alto Networks devices.

Example_Skillets

A collection of Example Skillets including terraform, REST, python, and PAN-OS skillets

GCP-VM-Series-k8s-Prisma-Cloud-API

Deploys k8s cluster, VM-Series for N/S and E/W inspection and guides the use of the Prisma Cloud API scan of Manifest

pan_aws_security_hub

This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.

minemeld-wd-atp

MineMeld nodes for MSFT WD ATP API

ignite18-GCP-Labs

gcp_terraform_ignite2018

This repo contains Terraform templates to deploy a PAN VM-Series FW into GCP.

cloud-automation-demo

This repo enables you to perform cloud automation demos using Terraform or Ansible

wildcardip-miner

MineMeld Miner extension to expand IPv4 wildcards into list of corresponding CDIR's

AzureNSG

Update Azure NSG to quarantine hosts based upon trigger from FW threat log

Azure-China

Azure China solution template

azure-load-balancer2

minemeld-cef

MineMeld Output node for CEF format

azure-load-balancer1

azure-vnet

security-as-code-qwiklab

sac-lab

terraform-panos-ag-dag-nia

terraform-panos-dag-nia

prismacloud_sqs_to_syslog

iot-automated-solution

set of configuration, validation, and scripts for IoT deployment and traffic generation

prisma-cloud-circleci-orb

panorama-orchestration

panos-logging-skillets

Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments

Prisma_Cloud_AWS_Onboard

Azure-HA-AutoLaunch

Auto Launch templates for Azure HA

terraform-provider-prismacloud

Terraform PrismaCloud provider

prisma-cloud-defender

AccountGroupUpdate

skillet_ansible

Ansible collection for Skillets

transfer-go-dependency

cn-series-lab

CN-Series Qwiklab

autoscale

VM-Series AutoScale Qwiklab

PublicSector

Resources for World Wide Public Sector customers

prisma-cloud-ansible

Ansible collection for Prisma Cloud

Splunk-Docs

Source for the documentation of the Splunk App and Add-on

pan-cortex-xdr-nodejs

NodeJS / Javascript / TypeScript language binding for the XDR PRO API

splunkdev-watchman

A docker image to reload Splunk apps on changes during Splunk app development

pan-cortex-hub-java

Palo Alto Networks Cortex hub client library

pan-cortex-hub-nodejs

Palo Alto Networks Cortex hub client library

pan-cortex-data-lake-java

Palo Alto Networks Cortex Data Lake client library

pan-cortex-data-lake-nodejs

Palo Alto Networks Cortex Data Lake client library

terraform-azurerm-panos-bootstrap

Creates a PAN-OS bootstrap package in Microsoft Azure.

terraform-google-panos-bootstrap

This Terraform Module creates a PAN-OS bootstrap package in a Google Cloud Storage bucket.

panw-gse.skillets

Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets

prisma.pan.dev

prisma_cloud

files used for HOW Lab Prisma Cloud Compute: Securing GKE Run Time

TrafficTest

testing traffic

onboard_aws_prisma

squidproxy

This repository contains squid proxy patch to make it work with the decryption broker feature. This repo also has a brief documentation about how to make squid proxy work with decryption broker feature in order to send traffic to an ICAP server for inspection.

cortex.pan.dev

Cortex® for Developers

pan.dev

Palo Alto Networks for Developers

AWS-TGW-Panorama-bootstrap

BlackHat

Code for Black Hat Projects

GPCSskillets

Onboarding and configuration skillets for GPCS

azure-aks

Azure Kubernetes Service Security Solution

rl_export_policies

Script for exporting RedLock policies and their associated RQL into a CSV output file.

gcp_marketplace_istio_adapter

This repo contains the configuration files to build and deploy the Palo Alto Networks Istio adapter into the GCP/Kubernetes market place

cortex-security-guidelines

Partner Security Guidelines for Cortex Apps

MobileSkillet

Mobile configuration templates to create logging for safenetworking

ansible-role-vmware-dagger

An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.

mssp-templates

repeatable jinja templates for mssp services

ansible-role-entrapment

An Ansible role for deploying the Palo Alto Networks Traps agent

pan-tort-source

Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.

ignite18-multicloud-automation

Multi-Cloud Automation HOW

fqdn-service

FQDN Serverless Service

AzureStack

Sample template for deploying VM-Series for AzureStack

pancloud-tutorial

PAN Cloud Python SDK Tutorial

automation-utility-vm

Packer and Ansible project to build an automation utility vm

azure-germany

nuage-connector

minemeld-threatconnect

MineMeld extension for ThreatConnect

APIC-EPG-DAG-Update

Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.

AWSSG

Update AWS SG to quarantine hosts based upon trigger from FW threat log Edit Add topics

budapest-beta

Templates and such for VM-Series' PAN-OS 8.1 (aka Budapest) beta in public clouds (AWS, Azure, Google Cloud)

Azure-China-7.1.1

Networking-Scripts

Networking Scripts

nsx-ngfw-version-match

Upgrade all NSX-based VM-1000-HV firewalls to the same version

SyncServiceNow

A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.

cfn-vm-series-helper-demo

demo demo