Dynamic Content updates

L0 Member

Hello all, 

I have recently deployed a few Palo Altos to provide IDS across our estate. 
Now this has given our Security team added visibility into what's going on. 
However, one of the things they want is reassurance that the dynamic content updates are up to date, BUT they don't want to simply go and check periodically, they want this process automated and them to be alerted via an email or something of the like if it is not up to date or has failed updating. 

My question to you all is, what do you think is the best way to achieve this? 
My initial thoughts were, if there was a system log generated I could forward that to their Splunk instance and they can handle the rest, 
OR
Use some sort of script to make API calls and even in the event of failure, to run a check / download / install command. (not that I have much scripting capability right now) 
OR
We have access to Solarwinds or Netbrain, perhaps they could provide something like that? 

Anyway, thank you if you made it this far into the question! 



Accepted Solutions
Cyber Elite

Hi @RichardHum 

I would recommend the option with the script that queries the firewall's API (mainly because I did it already this way with a check on the installed content updates). Do you automatically install the content/antivirus/wildfire updates on the firewall? If yes, then your script could periodically query the firewalls and generate an alert for example when the content updates are older than 8 days or when the antivirus updates are older than 2 days. If you are using Panorama the query would be even easier as you do not have to connect to every firewall to see the installed versions.

With a log forwarding it would probably work also. When you forward the system logs they will see the logs of the last installed updates and could then generate an alert when there is no such log entry during the last days. 

So as I wrote, I would prefer the API but you are right, the easiest way for you probably is the log forwarding.
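
The API-based check described in the answer above could look like this in Python (an added example, not the poster's script). It assumes the `show system info` op command reports `app-release-date` and `av-release-date` as `YYYY/MM/DD HH:MM:SS` with an optional zone suffix; `fetch_system_info`, `stale_updates` and the sample response are constructed for illustration.

```python
import datetime as dt
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Maximum age per update type, using the thresholds suggested in the answer.
MAX_AGE_DAYS = {"app-release-date": 8, "av-release-date": 2}
OP_CMD = "<show><system><info></info></system></show>"

def fetch_system_info(host, api_key):
    """Run 'show system info' via the PAN-OS XML API (TLS verification stays on)."""
    query = urllib.parse.urlencode({"type": "op", "cmd": OP_CMD})
    # Key goes in a header (PAN-OS 9.0+) so it does not end up in URL logs.
    req = urllib.request.Request(f"https://{host}/api/?{query}",
                                 headers={"X-PAN-KEY": api_key})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode()

def stale_updates(xml_text, now, limits=MAX_AGE_DAYS):
    """Return {field: age in days, or None if unreadable} for every stale update."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: " + xml_text[:200])
    stale = {}
    for field, max_days in limits.items():
        tokens = (root.findtext(f".//system/{field}") or "").split()
        try:
            # Assumed format: "YYYY/MM/DD HH:MM:SS [TZ]"; the zone suffix is ignored.
            released = dt.datetime.strptime(" ".join(tokens[:2]), "%Y/%m/%d %H:%M:%S")
        except ValueError:
            stale[field] = None  # a missing or unreadable date is an alert, not "OK"
            continue
        age = (now - released).days
        if age > max_days:
            stale[field] = age
    return stale

# Constructed sample response (not captured from a real firewall).
SAMPLE = """<response status="success"><result><system>
  <hostname>fw-example</hostname>
  <app-version>0000-0000</app-version>
  <app-release-date>2020/05/01 10:00:00 PDT</app-release-date>
  <av-version>0000-0000</av-version>
  <av-release-date>2020/05/11 04:00:00 PDT</av-release-date>
</system></result></response>"""

if __name__ == "__main__":
    print(stale_updates(SAMPLE, now=dt.datetime(2020, 5, 12, 12, 0, 0)))
```

Run it from a scheduler with a read-only API account and send an email or raise a ticket whenever the returned dictionary is not empty.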


All Replies
L0 Member

That's brilliant, thank you @vsys_remo for your response. 

The request is for these firewalls only, but they are managed by Panorama, so I could (and would be happy to) roll something like this out across the estate. 

I have VERY limited knowledge when it comes to working with scripts and APIs but am very willing to learn. I have managed to make some successful API calls already from my laptop. Knowing you have achieved this already is reassuring, however I am keen to understand how you achieved it, so if you are happy to share some bits with me, I would be very grateful. 

Also, if you have any recommendations for places I can learn this stuff then I would appreciate that also! 

Thanks again

L3 Networker

@vsys_remo,

Could you please provide more details regarding the API option? I am also looking for the same.

Thanks,

Deepak

L3 Networker

Hi @vsys_remo,

Could you please provide some more details regarding the script? I am also looking for a similar solution, like checking periodically and alerting in case of no update for a given period of time.

Thanks.
