Test Output Results Toolkit
This utility is provided to enable Systems Engineers to load hashes from failed Ixia and/or Spirent security tests. It will then process the hashes against the Palo Alto Networks Threat Intelligence Cloud to determine the reason why the hash was not found/blocked/inidcated in the passing results.
It interfaces with both Autofocus (pull) and ELK (optional push) API interfaces.
How to run TORT
The only supported way to run TORT is to run the docker container:
docker run -p 8088:80 paloaltonetworks/pan-tort:latest
Once the container is up and running - point your browser to http://localhost:8088
Login is paloalto/tort
NOTE: This does not support pushing the results to ELK - yet
Advanced TORT - pushing to ELK
To push the results to your ELK instance, you must have a .panrc in your home directory with the following entries (at minimum)
ELASTICSEARCH_HOST = "<ip of elasticsearch host>" ELASTICSEARCH_PORT = "<port - default es install port is 9200>"
Optionally you can also add your API key to the .panrc as well:
AUTOFOCUS_API_KEY = "<api_key>"
Once you have that in place you can start the container by mounting the .panrc inside the container
docker run -p 8088:80 -v ~/.panrc:/.panrc paloaltonetworks/pan-tort:latest
If you added the AF API key, you don't have to type it in anymore. :)