08-11-2020 05:01 AM
Can someone please let me know how I can customise or disable some checks associated to the different topics’s (Device, Objects, Policies, Network) under BPA in Expedition.
Is there a centralised BPA definition file(csv,XML) that can be updated so Expedition Project BPA report will Get exclude?
08-11-2020 06:19 AM
This is not actually possible.
The BPA checks are performed as a single pack, and the results are also presented as a group.
We have not implemented any process to disable specific checks as the results are mean to provide visibility on aspects that are not following the recommended Palo Alto Networks settings, therefore called Best Practices.
08-11-2020 06:57 AM
If that's the case where can I find a list of all benchmarks/controls that Expedition BPA compare ?
After analysing py best_practice_assessment_ngfw_pano-master.zip under /html/OS/BPA i have noticed that you can add new best practice checks by updating file "analyzers/best_practices/check_config.json" and these check IDs has been hardcoded into the Analyzer classes
Example of BPA check ID 3::
"3":
{
"check_id": 3,
"check_name": "Description Populated",
"check_type": "Warning"
}
Is there a way you can add new BPA controls by using this method?
I have found benchmarks/controls are loaded from below location and some reference are to CSV file located on '/libs/best_practice_assessment/bpat_documentation.csv'. I was able to find contents/benchmarks.xml, but not the CSV file.
Can you able to explain how BPA process is pulling all benchmarks ?
/html/libs/common/bestpractices/loadXML.php
# LOAD Benchmark
if (file_exists(INC_ROOT.'/contents/benchmarks.xml')){
$xml = simplexml_load_file(INC_ROOT.'/contents/benchmarks.xml');
$bestPracticesdb->query("TRUNCATE benchmarks_topics;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$bestPracticesdb->query("TRUNCATE benchmarks;");
$benchmark_version=$xml->attributes()->version;
$benchmark_date=$xml->attributes()->date;
$checks=array();
$tests=array();
/html/libs/common/bestpractices/bpat.php
function load_csv_description(){
$description=false;
if (file_exists(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv')){
ini_set('auto_detect_line_endings',TRUE);
$handle = fopen(INC_ROOT.'/libs/best_practice_assessment/bpat_documentation.csv','r');
$description=array();
while ( ($data = fgetcsv($handle,0,';') ) !== FALSE ) {
$description[$data[0]]['title']=$data[4];
$description[$data[0]]['description']=$data[6];
}
ini_set('auto_detect_line_endings',FALSE);
}
return $description;
}
08-11-2020 07:49 AM
We are not the developers of the BPA, but we consume the results that the BPA team has implemented and do the mapping for some specific check remediations.
You may want to address to them via their Live space:
https://live.paloaltonetworks.com/t5/best-practice-assessment/ct-p/Best_Practice_Assessment
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
