Anyone know server sizing requirements for this? Minimum cpu, memory and storage? Also, what is the recommended way to install?
I started by running the command scp export log traffic start-time equal 2018/07/30@00:00:00 end-time equal 2018/07/30@23:45:00 to expedition@172.30.200.117:/PALogs/mltest.csv on my PA220. root@Expedition:/PALogs# ls -ltotal 64296-rw-rw-r-- 1 expedition expedition 65830760 Aug 1 17:35 mltest.csvdrwxr-xr-x 2 www-data www-data 4096 Aug 1 ...
I created an OVA for my team and put it up here (Note, this isn't the official release now offered by PANW): https://drive.google.com/open?id=1Z9GrCF8I_BZzpbEmEh6G75npo05_4G0c Be sure to go Settings > M. Learning > and change the Expedition ML Address address to your VM's IP. Then return to the Dashboad and Start the Agent. [UPDATE 6.4...
Expedition uses APACHE as a web server and PHP as module for the scripts. By default PHP allow users to upload files with a maximum size of 2M, this can be updated by changing the PHP.ini sudo vi /etc/php/7.0/apache2/php.ini go to line where this variable is defined upload_max_filesize = 2M and replace by upload_max_filesize = 250M There...
I have a problem with Rule Enrichment. The error_SecRulesEnrich gives these messages after analysing the data from a rule which has a lot of data (at least by APP-ID): I am connected to a firewall, and i can analyse in Expedition the applications (By APP-ID) and getting results. So i am confused why it sais, no traffic found. MySQL is...
We have quite a few Invalid Services. The only way to remove them is to remove all Unused Objects. Is there a way to just remove the Invalid Services without having to remove all Unused Objects. Looked in the ASA config and for the most part, they do not exist.
Is it possible to derive the progress of changes over time in Best Pratices? Of course I would like to see the changes over time like we can do in online BPA.
How does the Best Practice remediate function work? I cannot find any documentation. Do I have to select the specific option in the template first or will Expedition/BP remediate all the rd x-ed optioons without asking? While using Remediate and chose "SAME Template" how can I update the Panorama/Device configuration? Where is the template sto...
Converting from ASA to PAN. Is there a way to apply a Security Profile Group to a large # of security policies. One can only create a snippet for the individual profiles but not for a group. Tried to edit the policy itself and manually add a group name. It took it, but when we open the policy back up, it is not there. One mentioned to crat...
I think that Expedition is reporting storage incorrectly: both /home/userSpace and /temp are stated as using 58.9% of unit space. Also, how do I delete App-ID logs?
Am trying to run BPA from Expedition against a PAN baseline config. Imported the config and clicked on Start Analysis from the Dashboard. It says it is complete, but is 0% for everything. There is no content/results in the Analysis, Security Policies, and Threat Practice section.
I am getting unexpected results with Best Practice Analysis. For instance, Going to Best Practice > Security Policies shows red X for all tags and many descriptions, but the majority of my policies have both. Also, the adoption diagram shows 0% for High Availability, but I have HA configured to nearly all best practice specifications. Dynam...
Hello Everyone, Using Expedition tool to migrate from Cisco ASA to Palo Alto-- it is not migrating completely-- receiving output as .xml only few configurations are shown after migration. Please give any suggestions to migrate the complete configuration. Thanks in advance.
Dear All, does somebody know when Expedition will be available as OVA or OFV File? Our VMWare Admin denies the implementation or the current downloadable Expedition Tool. Best Regards René from Germany
Hello everyone Do anyone know how to increase the CPU resources? Homer
Hello, is there a communication matrix for the "essential" services/applications/URLs and the "nice to have" services/applications/URLs needed to be allowed in the firewall for the expediation tool? Regards M
Hello, i'm forwarding at the moment traffic logs from Palo Firewalls and Panorama to the Expedition server. I verified with tcpdump that the Expedition-Server recieves the syslogs. Expedition is up to date. I modified the configuration files in "/var/www/html/OS/rsyslog" like described in the "Expedition Log Analysis Guide v1.0". I also chan...
Hello, wanted to see if anyone has ran into this issue. After merging and generating the configuration. The load result on the firewall fails with file is malformed. Looking at the xml the configuration doesn't look correct, the top line reads - "coding="ISO-8859-1"?>" and the configuration spacing is not correct, and missing most of the...
reaper
on:
Preparing Exp Tool for Fortigate to PA migration
reaper
on:
Need to in Expedition tool from scrach
