The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.
Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
This repo contains Terraform templates to deploy infrastructure on AWS and Azure and to secure them using the Palo Alto Networks Next Generation Firewalls
Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
Create custom auto-remediation solutions using serverless functions in the cloud.
Example scripts, snippets, and other documents related to Prisma Cloud Compute
The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise or Splunk Cloud administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection.
The Prisma Cloud CLI is a command line interface for Prisma Cloud by Palo Alto Networks.
Script for pulling events from a MISP database and converting them to Autofocus queries.
Prisma Cloud serverless function that can accept webhook and send alerts to syslog, S3, and SQS
PAN-OS Bootstrapper UI provides a simple, example web-UI that consumes the PAN-OS Bootstrapper utility API.
A Utility to bootstrap a new PAN-OS NGFW. This utility provides an API only. An example web interface is provided here: https://github.com/PaloAltoNetworks/panos-bootstrapper-ui
Implements the automation and integration framework to work with Azure Virtual WAN's and PANW to create VPN connections.
This solution maps XFF header source IP to User-ID allowing for blocking malicious sources when the VM-Series is behind a device that performs source NAT such as a load balancer.
Tools and base classes for working with Skillets. Issues and feature requests are tracked here: https://gitlab.com/panw-gse/as/skilletlib/-/issues
Create custom VM-Series images on public cloud with upgraded PanOS, Plugin and Content versions
A python framework to use the Prisma Access API to configure Cloud Managed
Very targeted script that allows update of the FW NAT rules based on the dynamic AWS' ELB VIP changes
Python script for migrating Prisma Cloud Tenants and for syncing changes across all managed Tenants.
This Ansible role applies security best practice templates to Palo Alto Networks devices.
Script for exporting Prisma Cloud policies and their associated RQL into a CSV output file.
CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.
Python Script for Prisma Cloud CSPM to run RQL queries and record results in a CSV file
Utilize a CSV list of accounts to see if a list of accounts exists in a Prisma Cloud tenant
This implementation integrates the AWS Security Hub insights and makes it actionable on the VM-Series FW.
A proof of concept to demonstrate synchronization of server assets and their attributes from ServiceNow into registered IP tags and dynamic address groups on a Palo Alto Networks next-generation firewall.
Python3 tool for automatically dismissing alerts in Prisma Cloud for a deleted cloud account
Proxy application for ingesting into Azure sentinel from Cortex Data Lake
This script will run RQL search and take the results and format them into CSV (based on current CSV output on Investigate page)
In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.
Generates alert report via email - reporting on top risks in last 24 hrs, top high risks and all risks, then breakdown by account. Also top 5 policies by count.
Suite of helper skillets and playbooks to simplify and validate Cortex Data Lake deployments
Ansible roles and libraries for working with PAN-OS, Panorama, and Pan-Validation Skillets
An Ansible role that synchronizes VMware vCenter virtual machine IP addresses and tags with PAN-OS.
Source code for using Autofocus (and other applications) to discern hash coverage of known and unknown artifacts.
Script to read learned Cisco APIC EPG Endpoints and update PANW dynamic address groups.