Mine Palo Alto firewall (custom) reports?

Reply
L0 Member

Mine Palo Alto firewall (custom) reports?

Is anyone mining (own) firewalls reports?

I hate to reinvent wheel, so would appreciate any suggestions.

 

Use case: Teamviewer

They are not publishing their IPs ( https://community.teamviewer.com/t5/Knowledge-Base/Which-ports-are-used-by-TeamViewer/ta-p/4139 ). We have a few firewalls and running custom report on application Teamviewer from Panorama gives a nice list of addresses. I would like to feed those addresses back to EDL and use it to restrict use of Teamviewer. I am not trying to create any instant solution to prevent use of tw, just trying to help people comply to company policy.

 

What I am thinking is to first use curl (and API) to trigger report and then curl report in to minemeld using job number from previous curl reply and then move it under www and mine it. Only bad part is plaintext apikey in curl. And fact that this feels somewhat shaky.

 

So anyone mining firewall reports directly?

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!