Integration Resources - Quick Reference

Quick References for Integration Resources

The Nextwave Technology Partner Program includes a select ecosystem of Strategic Partners who are leaders in their technology segments, and an extensive ecosystem of Integration Partners extending the capabilities of the Palo Alto Networks Next Generation Security Platform. Technology Partners can integrate via an extensible platform that provides a rich set of APIs and accelerate their time to market by building Apps on the Palo Alto Networks Application Framework leveraging an install base of over 45,000 customers to address customers’ security needs.

 

For questions on the Technology Partner Program please contact us

Ask a question in the Integration Discussions Forum

 

Useful Demos & Videos

Topic   Register
On-demand Demos   Search demos
Palo Alto Networks Ultimate Test Drive   Events Calendar
Palo Alto Networks NGFW Demo   Demo available on demand

 

Download and Register the VM series NGFW

Access the support portal

Register the VM-Series NGFW

Activate the authorization codes

Get started with the NGFW Firewall

 

Integrate with the NGFW & Panorama

Technical Documentation   Technical Documentation on the Palo Alto Networks Next Generation Security Platform. 
NGFW Syslog Format   Syslog fields available with the Palo Alto Networks NGFW
Features Introduced in 8.0   The following topics describe the new features introduced in the PAN-OS® 8.0 release, which requires content release version 655 or a later version
Automation/API   Automate the management and deployment of your Palo Alto Networks Next-Gen Firewall with these free tools and scripts.
Device Framework   The Device Framework is a mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The Device Framework is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
Bootstrapping   Bootstrapping allows you to create a repeatable and streamlined process of deploying new VM-Series firewalls on your network because it allows you to create a package with the model configuration for your network and then use that package to deploy VM-Series firewalls anywhere.
Tips and tricks to the API   You can do a lot of cool things with the API. Find out some cool tricks shared in our user community. 
GitHub Library    Visit our GitHub repository!
Dynamic Address Groups   Dynamic address groups are used in policy. They allow you to create policy that automatically adapts to changes—adds, moves, or deletions of servers. It also enables the flexibility to apply different rules to the same server based on tags that define its role on the network, the operating system, or the different kinds of traffic it processes.
External Dynamic Lists   An External Dynamic List is a text file that is hosted on an external web server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy.
API Training   API training and labs
Get NGFW API Key   API call to get NGFW API Key
UserID and DAG API Call   API calls for user ID and dynamic address IPs registration
API call to retrieve logs   API calls to retrieve logs, e.g. WildFire is one of the log types
API calls through Panorama   To convert the existing FW API calls to Panorama, use the target option with the FW serial number (&target=device-serial-number).

 

WildFire™ cloud-based threat analysis service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware. The cloud-based service employs a unique multi-technique approach combining dynamic and static analysis, innovative machine learning techniques, and a groundbreaking bare metal analysis environment to detect and prevent even the most evasive threats.

WildFire Technical Documentation   Technical Documentation on WildFire
WildFire API   Read the WildFire API Reference Guide to learn how to use the malware detection capabilities of WildFire through a RESTful XML-based API.
WildFire API Frequently Asked Questions   This article serves as a home for frequently asked questions about the WildFire API.

 

Integrate with Autofocus

Palo Alto Networks® AutoFocus™ contextual threat intelligence service makes threat analytics, with full context, available to every security organization, not just those with specialized security staff. This hosted security service arms security operations professionals with the high-fidelity intelligence, correlation, context and automated prevention workflows needed to identify and respond to events in real time.

 

Autofocus Technical Documentation   Technical Documentation on Autofocus
Autofocus API   The AutoFocus™ API extends the ability to query the threat intelligence cloud through a programmatic, RESTful API. You can integrate this API into a third-party service, application, or script that accesses AutoFocus outside of the web portal. API responses are in JSON or XML-based STIX format.
Introduction to the Autofocus API   Ready to harness the power of the AutoFocus threat intelligence service in your own service or app? Watch this video to learn how you can use the AutoFocus portal to easily create API requests.
Maltego for Autofocus   Maltego is a data visualization tool which allows users to explore the relationships between entities interactively through Transforms. Transforms allow users to query disparate data sources and present a view of the retrieved data in a single view. As of the Summer of 2017, AutoFocus data is now available as a source to query for all subscribers with an API key. Simply install the transforms through the transform hub to get started.

 

Integrate with MineMeld

MineMeld, by Palo Alto Networks, is an extensible Threat Intelligence processing framework and the 'multi-tool' of threat indicator feeds. Based on an extremely flexible engine, MineMeld can be used to collect, aggregate and filter indicators from a variety of sources and make them available for consumption to peers or to the Palo Alto Networks security platforms.

 

MineMeld Live Community

 

Visit the Live Community for technical information and support on MineMeld

MineMeld on GitHub

 

Develop an integration with MineMeld


Integrate with Traps

Traps replaces legacy antivirus and secures endpoints with a multi-method prevention approach that blocks malware and exploits, both known and unknown, before they compromise endpoints, such as laptops, desktops and servers. Integrate with Traps via Syslog.

 

Integrate with Aperture

The use of SaaS (software as a service) applications is creating new risks and gaps in security visibility for malware propagation, data leakage and regulatory non-compliance. Aperture delivers complete visibility and granular enforcement across all user, folder and file activity within sanctioned SaaS applications, providing detailed analysis and analytics on usage without requiring any additional hardware, software or network changes. Integrate with Aperture via Syslog and API.

 

 

Free e-learning

Palo Alto Networks Education has a free e-learning course on Next-Generation Firewalls and Configuration Essentials (Firewall Configuration Essentials 101). If you already have a Palo Alto Networks Learning Center account, please log in here to access the course. If you do not have a Learning Center account, please click here to register.

 
