Expedition BPA customise or disable some checks associated to the different

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L0 Member

Expedition BPA customise or disable some checks associated to the different

Can someone please let me know how I can customise or disable some checks associated to the different topics’s (Device, Objects, Policies, Network) under BPA in Expedition. 

Is there a centralised BPA definition file(csv,XML) that can be updated so Expedition Project BPA report will Get exclude? 

Tags (2)
Highlighted
L5 Sessionator

This is not actually possible.

The BPA checks are performed as a single pack, and the results are also presented as a group.

 

We have not implemented any process to disable specific checks as the results are mean to provide visibility on aspects that are not following the recommended Palo Alto Networks settings, therefore called Best Practices.

L0 Member

If that's the case where can I find a list of all benchmarks/controls that Expedition BPA compare ?

 

After analysing py best_practice_assessment_ngfw_pano-master.zip under /html/OS/BPA i have noticed that you can add new best practice checks by updating file "analyzers/best_practices/check_config.json" and these check IDs has been hardcoded into the Analyzer classes

 

Example of BPA check ID 3::

"3":
{
"check_id": 3,
"check_name": "Description Populated",
"check_type": "Warning"
}

 

Is there a way you can add new BPA controls by using this method?

 

I have found benchmarks/controls are loaded from below location and some reference are to CSV file located on '/libs/best_practice_assessment/bpat_documentation.csv'. I was able to find contents/benchmarks.xml, but not the CSV file. 

 

Can you able to explain how BPA process is pulling all benchmarks ? 

 

/html/libs/common/bestpractices/loadXML.php

 

# LOAD Benchmark
if (file_exists(INC_ROOT.'/contents/benchmarks.xml')){
$xml = simplexml_load_file(INC_ROOT.'/contents/benchmarks.xml');
$bestPracticesdb->query("TRUNCATE benchmarks_topics;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$benchmark_version=$xml->attributes()->version;
$benchmark_date=$xml->attributes()->date;
$checks=array();
$tests=array();

 

/html/libs/common/bestpractices/bpat.php

 

function load_csv_description(){
$description=false;

if (file_exists(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv')){
ini_set('auto_detect_line_endings',TRUE);
$handle = fopen(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv','r');
$description=array();
while ( ($data = fgetcsv($handle,0,';') ) !== FALSE ) {
$description[$data[0]]['title']=$data[4];
$description[$data[0]]['description']=$data[6];
}
ini_set('auto_detect_line_endings',FALSE);
}

return $description;
}

 

 

Highlighted
L5 Sessionator

We are not the developers of the BPA, but we consume the results that the BPA team has implemented and do the mapping for some specific check remediations.

 

You may want to address to them via their Live space:
https://live.paloaltonetworks.com/t5/best-practice-assessment/ct-p/Best_Practice_Assessment

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!