Expedition BPA customise or disable some checks associated to the different

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Expedition BPA customise or disable some checks associated to the different

L0 Member

Can someone please let me know how I can customise or disable some checks associated to the different topics’s (Device, Objects, Policies, Network) under BPA in Expedition. 

Is there a centralised BPA definition file(csv,XML) that can be updated so Expedition Project BPA report will Get exclude? 

3 REPLIES 3

L5 Sessionator

This is not actually possible.

The BPA checks are performed as a single pack, and the results are also presented as a group.

 

We have not implemented any process to disable specific checks as the results are mean to provide visibility on aspects that are not following the recommended Palo Alto Networks settings, therefore called Best Practices.

If that's the case where can I find a list of all benchmarks/controls that Expedition BPA compare ?

 

After analysing py best_practice_assessment_ngfw_pano-master.zip under /html/OS/BPA i have noticed that you can add new best practice checks by updating file "analyzers/best_practices/check_config.json" and these check IDs has been hardcoded into the Analyzer classes

 

Example of BPA check ID 3::

"3":
{
"check_id": 3,
"check_name": "Description Populated",
"check_type": "Warning"
}

 

Is there a way you can add new BPA controls by using this method?

 

I have found benchmarks/controls are loaded from below location and some reference are to CSV file located on '/libs/best_practice_assessment/bpat_documentation.csv'. I was able to find contents/benchmarks.xml, but not the CSV file. 

 

Can you able to explain how BPA process is pulling all benchmarks ? 

 

/html/libs/common/bestpractices/loadXML.php

 

# LOAD Benchmark
if (file_exists(INC_ROOT.'/contents/benchmarks.xml')){
$xml = simplexml_load_file(INC_ROOT.'/contents/benchmarks.xml');
$bestPracticesdb->query("TRUNCATE benchmarks_topics;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$benchmark_version=$xml->attributes()->version;
$benchmark_date=$xml->attributes()->date;
$checks=array();
$tests=array();

 

/html/libs/common/bestpractices/bpat.php

 

function load_csv_description(){
$description=false;

if (file_exists(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv')){
ini_set('auto_detect_line_endings',TRUE);
$handle = fopen(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv','r');
$description=array();
while ( ($data = fgetcsv($handle,0,';') ) !== FALSE ) {
$description[$data[0]]['title']=$data[4];
$description[$data[0]]['description']=$data[6];
}
ini_set('auto_detect_line_endings',FALSE);
}

return $description;
}

 

 

We are not the developers of the BPA, but we consume the results that the BPA team has implemented and do the mapping for some specific check remediations.

 

You may want to address to them via their Live space:
https://live.paloaltonetworks.com/t5/best-practice-assessment/ct-p/Best_Practice_Assessment

  • 3996 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!