Integration Resources

Integration Resources - Quick Reference

The Nextwave Technology Partner Program includes a select ecosystem of strategic partners who are leaders in their technology segments, and an extensive ecosystem of integration partners extending the capabilities of the Palo Alto Networks Security Operating Platform. Technology partners can integrate via an extensible platform that provides a rich set of APIs and accelerate their time to market by building apps on Cortex by Palo Alto Networks, leveraging an install base of over 50,000 customers to address customers’ security needs.

 

 

Integration Discussions Forum

For questions regarding the Technology Partner Program, please contact us

CLI Changes in PAN-OS 8.0
Changes to Default Behavior (PAN-OS 9.0)
Software End of Life Dates

 

Useful Demos & Videos

Palo Alto Networks Virtual Ultimate Test Drive
Palo Alto Networks Next-Generation Firewall Overview and Demo
Palo Alto Networks On-Demand Panorama Demo

 

Creating Support Account and Licensing VM-Series

Creating a Support Account
Register the VM-Series Firewall (with auth code)
Register the Usage-Based Model of the VM-Series for Public Clouds (no auth code)
Switch Between the BYOL (Bring Your Own License) and PAYG (Pay-As-You-Go) Licenses
License Types VM-Series Firewalls

 

Integrate with the VM-Series Next-Generation Firewall (Common)

The links below include helpful resources for integrating with the Next-Generation Firewall. Please carefully review the KVM requirements, and contact us with any questions.  

VM-Series Models
Registering the VM-Series Firewall
Licensing API
Activate License Key
Deactivate License
Bootstrapping (Preparing Licenses)

 

Integrate with KVM

Setup the VM-Series on KVM
KVM Requirements & Prerequisites
Supported Deployments on KVM
Performance Tuning of the VM-Series for KVM
Bootstrap the VM-Series on ESXi

 

Integrate with VMware ESXi

Setup the VM-Series on VMware ESXi
VM-Series on ESXi System Requirements
Supported Deployments on VMware vSphere Hypervisor (ESXi)
Performance Tuning of the VM-Series for ESXi
Bootstrap the VM-Series on ESXi

 

Integrate with Hyper-V

Setup the VM-Series on Hyper-V
Hyper-V System Requirements
Supported Deployments on Hyper-V
Performance Tuning of the VM-Series for Hyper-V
Bootstrap the VM-Series on Hyper-V

 

Integrate with the Next-Generation Firewall & Panorama

Technical Documentation: Technical documentation on the Palo Alto Networks Security Operating Platform.
Next-Generation Firewall Syslog Format: Syslog fields available with the Palo Alto Networks next-generation firewall.
Features Introduced in PAN-OS 9.0: The following topics describe the new features introduced in the PAN-OS® 9.0 release.
Automation and Orchestration Tools and Technologies: Automation and orchestration tools and technologies provide open, extensible projects that help you take the next step.
Ansible – Automating Next-Generation Firewall Configuration: Ansible is a very powerful open source automation language; it uses modules to communicate with vendor-specific devices.
Terraform: Terraform is a powerful open source tool that is used to build and deploy infrastructure safely and efficiently.
Palo Alto Networks Device Framework: The Device Framework is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
GitHub Library: Visit our GitHub repository!

 

PAN-OS and Panorama API

PAN-OS and Panorama API Guide 9.0: Use this API guide to access the XML and REST API and get familiar with the capabilities on the firewall and Panorama.
Get Started with the PAN-OS XML API

To use the PAN-OS XML API, first use your admin credentials to get an API key through the keygen command type.

Get Started with the PAN-OS REST API: To use the PAN-OS and Panorama REST API, first use your administrative credentials to get an API key.
Access the PAN-OS REST API: The PAN-OS REST API URL format includes a base path and the URI for the endpoint.
PAN-OS REST API Request and Response Structure: The PAN-OS REST API enables you to perform CRUD operations with objects and use them in policy rules.
Tips and Tricks to the API

You can do a lot of cool things with the API. Find out some cool tricks shared in our user community.

API Training

API training and labs

Get Next-Generation Firewall API Key

API call to get Next-Generation Firewall API Key

User-ID and DAG API Call

API calls for User-ID and dynamic address IPs registration

API Call to Retrieve Logs

API calls to retrieve logs (for example, WildFire is one of the log types).

API Calls Through Panorama
API calls through Panorama. To convert existing firewall API calls to Panorama, use the target option with the firewall serial number (&target=device-serial-number).

 

Dynamic Address Groups and External Dynamic Lists

Dynamic Address Groups: Dynamic address groups are used in policy. They allow you to create policy that automatically adapts to changes—adds, moves, or deletions of servers. It also enables the flexibility to apply different rules to the same server based on tags that define its role on the network, the operating system, or the different kinds of traffic it processes.
External Dynamic Lists: An External Dynamic List is a text file that is hosted on an external web server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy.

 

 

Integrate with the Cortex Data Lake (Logging Service)

The Log Forwarding app allows you to forward logs stored in the Cortex Data Lake (formerly Logging Service) to an external Syslog receiver.

Log Forwarding App Release Information
Cortex Data Lake Getting Started
Cortex Data Lake
Cortex Data Lake License Activation
Activate Cortex Data Lake on the Cortex Hub
License and Install the Cloud Services Plugin
Configure the Firewalls to Forward Logs to the Cortex Data Lake

 

Integrate with WildFire

WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

WildFire Technical Documentation: Technical documentation on WildFire.
WildFire API: Read the WildFire API Reference to learn how to use the malware detection capabilities of WildFire through a RESTful XML-based API.
WildFire API Frequently Asked Questions

This article serves as a home for frequently asked questions about the WildFire API.

 

 

Integrate with AutoFocus

Palo Alto Networks® AutoFocus™ contextual threat intelligence service makes threat analytics, with full context, available to every security organization, not just those with specialized security staff. This hosted security service arms security operations professionals with the high-fidelity intelligence, correlation, context and automated prevention workflows needed to identify and respond to events in real time.

AutoFocus Administrator's Guide: Technical documentation on AutoFocus.
AutoFocus API Reference: The AutoFocus™ API extends the ability to query the threat intelligence cloud through a programmatic, RESTful API. You can integrate this API into a third-party service, application, or script that accesses AutoFocus outside of the web portal. API responses are in JSON or XML-based STIX format.
Introduction to the AutoFocus API (Video)

Ready to harness the power of the AutoFocus threat intelligence service in your own service or app? Watch this video to learn how you can use the AutoFocus portal to easily create API requests.

Maltego for AutoFocus

Maltego is a data visualization tool which allows users to explore the relationships between entities interactively through Transforms. Transforms allow users to query disparate data sources and present a view of the retrieved data in a single view. As of the Summer of 2017, AutoFocus data is now available as a source to query for all subscribers with an API key. Simply install the transforms through the transform hub to get started.

Paterva - Maltego

 

Setting up the AutoFocus Transforms in Maltego

 

 

Integrate with MineMeld

MineMeld, by Palo Alto Networks, is an extensible Threat Intelligence processing framework and the 'multi-tool' of threat indicator feeds. Based on an extremely flexible engine, MineMeld can be used to collect, aggregate and filter indicators from a variety of sources and make them available for consumption to peers or to the Palo Alto Networks security platforms.

MineMeld Live Community

Visit the LIVEcommunity for technical information and support on MineMeld

MineMeld on GitHub - Developers Guide

Develop an integration with MineMeld

 

Integrate with Traps

Traps replaces legacy antivirus and secures endpoints with a multi-method prevention approach that blocks malware and exploits, both known and unknown, before they compromise endpoints, such as laptops, desktops and servers.

Traps Endpoint Security Manager 4.2 - Event Log Types 
Traps Endpoint Security Manager 4.2 - Forward Logs to Panorama 
Forward Logs to an External Logging Platform 

 

Cortex

Cortex 
Cortex XDR 
Cortex XDR - Analytics Administrator's Guide 
Cortex XDR - Investigation and Response Administrator's Guide 

 

Integrate with Aperture

The use of SaaS (software as a service) applications is creating new risks and gaps in security visibility for malware propagation, data leakage and regulatory non-compliance. Aperture delivers complete visibility and granular enforcement across all user, folder and file activity within sanctioned SaaS applications, providing detailed analysis and analytics on usage without requiring any additional hardware, software or network changes. Integrate with Aperture via Syslog and API.

 

 

Free Digital Learning

Palo Alto Networks Education offers a free Digital Learning course, Firewall 8.1 Essentials: Configuration and Management (EDU-110). If you already have a Palo Alto Networks Learning Center account, please log in to access the course. If you do not have a Learning Center account, please click here to register and access the course.

 
