Script for detecting the WireLurker malware family
413 ★
The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
321 ★
Ansible modules for Palo Alto Networks NGFWs
226 ★
IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.
188 ★
Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
186 ★
This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls
143 ★
Engine of MineMeld
140 ★
VM-Series ARM Templates for Microsoft Azure
105 ★
Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
96 ★
IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
92 ★
VM-Series for Amazon Web Services
74 ★
Prisma Cloud utility scripts, and a Python SDK for Prisma Cloud APIs.
52 ★
Create custom auto-remediation solutions using serverless functions in the cloud.
50 ★
pyJARM is a library for doing JARM fingerprinting using Python
48 ★
Python idiomatic SDK for Cortex™ Data Lake.
41 ★
Automated AWS transit VPC
40 ★
Prototypes for MineMeld nodes
37 ★
Creates a Transit Gateway with two server VPCs and a security VPC
35 ★
The Prisma Cloud CLI is a command line interface for Prisma Cloud by Palo Alto Networks.
34 ★
Parse a report and import the events into MISP
28 ★
Flexible Cloud Automation
27 ★
A command-line utility to aid in using AutoFocus for IR and research
25 ★
Azure security with VM-Series in a hub-and-spoke architecture
19 ★
MineMeld nodes for MISP
The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.
A Python client library for interfacing with the AutoFocus REST services
pan-stix
A Python library to extract TCP sessions from PCAPs.
16 ★
Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS
13 ★
Script for pulling events from a MISP database and converting them to Autofocus queries.
A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui
12 ★
Migrate Panorama or Local PANOS config to Strata Cloud Manager
11 ★
Python3 API toolkit for Prisma Cloud APIs
Read only mirror. To contribute or submit issues, please go to the website link --->
VM-Series templates for Google Cloud Platform
MineMeld Miner for Youtube channels
Sample data generator for the Splunk for Palo Alto Networks app.
PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.
10 ★
Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.
9 ★
PAN-OS Upgrade Assurance package code
8 ★
Tool to migrate Prisma Cloud Compute Consoles through the use of the Prisma Cloud API
7 ★
Python interface to the Palo Alto Networks Threat Vault API
Tools and base classes for working with Skillets. Issues and feature requests are tracked here: https://gitlab.com/panw-gse/as/skilletlib/-/issues
Google Cloud Auto Scaling Available Now
Cloudformation Script to onboard accounts to Redlock
This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.
Cisco ISE session miner using pxGrid bulk download REST API
A collection of utilities that users of pan-python might find useful
Python client to retrieve Prisma Access IP addresses from API
6 ★
Docs and tutorial for Skillet template building
Dynamic User Group code for Palo Alto Networks devices
Repo for Ignite 2018 hands-on lab
A Python framework to use the Prisma Access API to configure Cloud Managed
5 ★
Prisma SASE SDK
Splunk app for ingesting Prisma Cloud Compute incidents and forensics
Prisma Cloud alert csv output plus tags and account group names
Intel Importer
4 ★
Cloud Formation template to deploy and manage the Cloud NGFW on AWS.
Python SDK for Cortex™ Xpanse
Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions
Ansible collection for Prisma Cloud
MineMeld nodes for Microsoft Graph Security API
Cisco ISE pxGrid to Palo Alto Networks MineMeld Gateway
Scripts to query information from a PAN-OS NGFW
3 ★
Ansible collection for Skillets
Integration of IOC from AWS Security Hub with the VM-Series Firewall
This Ansible role applies security best practice templates to Palo Alto Networks devices.
CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.
New TAXII Miner for MineMeld
Very targeted script that allows updating the FW NAT rules based on dynamic AWS ELB VIP changes
Implements Contrastive Credibility Propagation (CCP) in PyTorch, an iterative semi-supervised learning framework
2 ★
A repository to store custom policy examples that do not belong as out-of-the-box policies for Code Security.
Python Script for Prisma Cloud CSPM to run RQL queries and record results in a CSV file
Python interface to the Palo Alto Networks IoT Security API
Uses a CSV list of accounts to check whether those accounts exist in a Prisma Cloud tenant
Script for exporting Prisma Cloud policies and their associated RQL into a CSV output file.
MSSP Demo Portal - Art of the Possible
This is the V1 (CFT) template to deploy an NLB architecture to AWS.
firebreak: Fight fire with WildFire
1 ★
A simple demo implementation of the Innocent Until Proven Guilty (IUPG) learning framework to train an MNIST classifier with or without noise.
An implementation of the Contrastive Credibility Propagation (CCP) algorithm in Tensorflow. Includes all the code needed to recreate the CIFAR-10 and CIFAR-100 experiments in the paper.
Prisma Cloud Compute API management of compute collections.
Prisma Cloud API management of Cloud Accounts, specifically around agentless.
XSOAR Content for managing the PAN-OS Upgrade process.
Proxy application for ingesting into Azure sentinel from Cortex Data Lake
Miner for Prisma Access API
An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.
This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.
MineMeld nodes for MSFT WD ATP API
MineMeld Miner extension to expand IPv4 wildcards into a list of corresponding CIDRs
MineMeld Output node for CEF format
A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.
0 ★
Preload Trusted CA Intermediate Certificate Chains on PAN-OS
Script to calculate average time it takes for an Alert to move from Open status to Resolved status.
The pcs-inspect.py script queries the Prisma Cloud API for all enabled Policies and for all Alerts within a Relative Time Range (with a default of one month) for a Tenant
Gathers information from PANW automation GitHub repos to build documentation for pan.dev
Scripts to run async RQL queries
Simple script to dismiss alerts from a supplied CSV file.
Python3 tool for automatically dismissing alerts in Prisma Cloud for a deleted cloud account
Prisma Cloud Tenant Locator Script
This script will run RQL search and take the results and format them into CSV (based on current CSV output on Investigate page)
In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.
Qwiklab: Palo Alto Networks VM-Series Firewall: Securing the GKE Perimeter
Prisma Cloud SQS poller to syslog
Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments
VM-Series AutoScale Qwiklab
Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets
Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.
MineMeld extension for ThreatConnect
Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.
Update AWS SG to quarantine hosts based upon trigger from FW threat log
Upgrade all NSX-based VM-1000-HV firewalls to the same version
demo demo