07-29-2016 07:53 AM
Hey Everyone,
Has anyone come across an official RSS feed (or similar) from Palo Alto which allows easy access to recent security advisories. Within my company we're look at pulling these from all our vendors so we can easily automate the notification and tracking of them.
I know the vulnerabilities are published at the link below but these can't easily be processed automatically:
http://securityadvisories.paloaltonetworks.com/
Cisco and Juniper make there's available in much better format:
http://tools.cisco.com/security/center/rss.x?i=44
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
The quality obviously varies but just being able to get the title and CVE number is a start.
Credit where due, Cisco's new-ish OpenVULN API is very useful to work with and provides access to the same information as on their website but in a XML/JSON format, anyone would basic scripting skills could pull the info out and adapt as needed:
https://developer.cisco.com/site/PSIRT/
If they don't have one already Palo Alto could learn a lot from that.
I prefer not to have to deal with the CVE/NVD database if I can avoid it as it's getting very out-of-date with product details, they admit it themselves. This is again where Cisco's API works well as as the vulnerabily information gets added the list of products also does so you can match this up with the asset information for your company.
Thanks
Gu
07-30-2016 05:35 AM
I think you are looking for this, the security advisory postings.
https://securityadvisories.paloaltonetworks.com/
08-02-2016 07:15 AM
For a human being, that's fine and what I currently use (along with Email)
What I was looking for is something that can be processed by a script, hence RSS/XML (or even JSON) format being suggested.
Palo Alto can be very inconsistent at times, they don't provide a easy means of getting the config out of the device so a human can view it (e.g. CSV of security rules), yet information that needs to be acted on relatively quickly is not made available in a format which can be processed by a non-human. Would have thought in the age of mass data consumption, they'd have thought of something as simple as this.
Oh well guess we'll have to stick with the CVE/NVD database for now.
02-07-2018 02:47 AM
Ciao,
same problem ! same problem !!
I'd like to access Security Advisor (SA) in a scripting way . Witj CIsco I'm using openVulnQuery and API as well.
I tried in python parsing https://securityadvisories.paloaltonetworks.com/ using xml/http library and it works, but it's not scalable.
What I'm thinking is getting informations like SA, lastest PAN-OS, Content-update, etc in API.
Let me know !
Thanks
04-24-2023 10:19 AM
I can see that this hasn't received any updates, but there IS an RSS feed now: https://security.paloaltonetworks.com/rss.xml
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
