Palo Alto Firewall 2.0.0
App Vendor: Palo Alto Networks
App Category: Network Security
Connector Version: 2.0.0
API Version: v1.0
About App
The Palo Alto Firewall app in the Orchestrate application allows security teams to integrate with the Palo Alto Firewall enterprise application. Palo Alto Firewall provides a single location from which you can oversee all applications, users, and content traversing your network, and then use this knowledge to create policies that protect and control the network.
The Palo Alto Firewall app can be configured in the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get System Details | This action retrieves system details from Palo Alto Firewall. |
Create Address Group | This action creates an address group on Palo Alto Firewall. |
List Address Groups | This action retrieves the list of all address groups. |
Delete Address Group | This action removes an address group from Palo Alto Firewall. |
Create Address Object | This action creates an address object on Palo Alto Firewall. |
List Address Objects | This action retrieves the list of all address objects from the Palo Alto Firewall. |
Delete Address Object | This action removes an address object from Palo Alto Firewall. |
Add Address Object to Address Group | This action adds an address object to an address group. |
Remove Address Object From Address Group | This action removes an address object from an address group. |
List Application Filters | This action retrieves the list of all application filters from the Palo Alto Firewall. |
Get Application Filter Details | This action retrieves all the details about an application filter. |
Create Application Filter | This action creates a new application filter. |
Delete Application Filter | This action deletes an application filter. |
List Application Groups | This action retrieves the list of all application filter groups. |
Create Application Group | This action creates an application group. |
Delete Application Group | This action deletes an application group. |
Add Application to Application Group | This action adds an application or application filter to an application group. |
Remove Application From Application Group | This action removes an application or application filter from an application group. |
List Applications | This action retrieves the list of all custom applications. |
Create Application | This action creates an application object. |
Delete Application | This action deletes an application from the Palo Alto Firewall. |
List Global Protect Users | This action retrieves the list of all global protect users. |
Disconnect Global Protect User | This action force logs out a user. |
Edit Configuration | This action edits an object at the given xpath, and changes the element specified. |
Get Configuration | This action retrieves the configuration for the object specified. |
Configuration Parameters
The following configuration parameters are required for the Palo Alto Firewall app to communicate with the Palo Alto Firewall enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Server | Enter the server identifier for your Palo Alto Firewall application. Example: "panos.cyware.com" | Text | Required | |
Username | Enter the username used to log in to the server. Example: "SampleUsername" | Text | Required | |
Password | Enter the password used to log in to the server. Example: SamplePassword | Password | Required |
Action: Get System Details
This action retrieves system details from Palo Alto Firewall.
Action Input Parameters
This action does not require any input parameter.
Action: Create Address Group
This action creates an address group on Palo Alto Firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Address Group Name | Enter the name of the address group to create. Example: "Sample Group" | Text | Required | |
Description | Enter the description of the address group. Example: "Sample Description" | Text | Required |
Example Request
[ { "description": "Sample Description", "address_group_name": "Sample Group" } ]
Action: List Address Groups
This action retrieves the list of all address groups.
Action Input Parameters
This action does not require any input parameter.
Action: Delete Address Group
This action removes an address group from Palo Alto Firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Address Group Name | Enter the name of the address group. Example: "Sample Address Group" | Text | Required |
Example Request
[ { "address_group_name": "Sample Address Group" } ]
Action: Create Address Object
This action creates an address object on Palo Alto Firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the name of the address object. Example: "Sample Address Object" | Text | Required | |
Value | Enter the value associated with this address object. Example: "192.168.1.1" | Text | Required | |
Address object type | Enter the type of address. Example: "ip-netmask" | Text | Required | Allowed values:
|
Description | Enter the description of this address object. Example: "Enter a description for the address object" | Text | Required | |
Tags | Enter the optional list of tags associated with this object. New tags must be created in the application UI before they can be applied here. Example: $LIST[Tag1, Tag2, Tag3] | List | Optional |
Example Request
[ { "name": "Sample Address Object", "value": "127.0.0.1", "description": "Enter a description for the address object", "address_object_type": "ip-netmask" } ]
Action: List Address Objects
This action retrieves the list of all address objects from the Palo Alto Firewall.
Action Input Parameters
This action does not require any input parameter.
Action: Delete Address Object
This action removes an address object from Palo Alto Firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Address Object Name | Enter the name of the address object to remove. Example: "Sample Address Object" | Text | Required |
Example Request
[ { "address_object_name": "Sample Address Object" } ]
Action: Add Address Object to Address Group
This action adds an address object to an address group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Address Object to Add | Enter the name of the address object to add. Example: "Sample Address Object" | Text | Required | |
Address group name | Enter the name of the address group to add to. Example: "Sample Address Group" | Text | Required |
Example Request
[ { "address_group_name": "Sample Address Group", "address_object_to_add": "Sample Address Object" } ]
Action: Remove Address Object From Address Group
This action removes an address object from an address group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Address Object to Remove | Enter the name of the address object to remove. Example: "Sample Address Object" | Text | Required | |
Address Group Name | Enter the name of the address group to remove from. Example: "Sample Address Group" | Text | Required |
Example Request
[ { "address_group_name": "Sample Address Group", "address_object_to_remove": "Sample Address Object" } ]
Action: List Application Filters
This action retrieves the list of all application filters from the Palo Alto Firewall.
Action Input Parameters
This action does not require any input parameter.
Action: Get Application Filter Details
This action retrieves all the details about an application filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Filter Name | Enter the application filter name to get details. Example: "Sample Application Filter" | Text | Required |
Example Request
[ { "application_filter_name": "Sample Application Filter" } ]
Action: Create Application Filter
This action creates a new application filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the name of the application filter. Example: "Sample Application Filter" | Text | Required | |
Category | Enter the list of categories of the application filter. Example: $LIST[networking, business-systems] | List | Required | |
Sub category | Enter the list of sub-categories of the application filter. Example: $LIST[file-sharing, internet-utility] | List | Optional | |
Technology | Enter the technologies used by this application. Example: $LIST["tor"] | List | Optional | |
Risk | Enter the risk levels applicable to this application. Example: $LIST["1", "2"] | List | Optional | |
Evasive | Specify if the application is evasive. Example: $JSON[True] | Boolean | Optional | |
Excessive bandwidth use | Specify if the application uses excessive bandwidth. Example: $JSON[True] | Boolean | Optional | |
Prone to misuse | Specify if the application is prone to misuse. Example: $JSON[True] | Boolean | Optional | |
Is saas | Specify if this is a SaaS application. Example: $JSON[True] | Boolean | Optional | |
Transfers files | Specify if this application can transfer files. Example: $JSON[True] | Boolean | Optional | |
Tunnels other apps | Specify if this application can tunnel other apps. Example: $JSON[True] | Boolean | Optional | |
Used by malware | Specify if the application is exploited by malware. Example: $JSON[True] | Boolean | Optional | |
Has known vulnerabilities | Specify if the application has known vulnerabilities. Example: $JSON[True] | Boolean | Optional | |
Pervasive | Specify if this application is pervasive. Example: $JSON[True] | Boolean | Optional | |
Tags | Specify the list of tags associated with this application. New tags must be created in the application UI. Example: $LIST["web app", "elearning"] | List | Optional |
Example Request
[ { "name": "QA Filter", "category": [ "networking" ] } ]
Action: Delete Application Filter
This action deletes an application filter.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Filter Name | Enter the name of the application filter to delete. Example: "Sample Application Filter" | Text | Required |
Example Request
[ { "application_filter_name": "Sample Application Filter" } ]
Action: List Application Groups
This action retrieves the list of all application filter groups.
Action Input Parameters
This action does not require any input parameter.
Action: Create Application Group
This action creates an application group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Group Name | Enter the name of the application group to create. Example: "Sample Application Group" | Text | Required |
Example Request
[ { "application_group_name": "Sample Application Group" } ]
Action: Delete Application Group
This action deletes an application group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Group Name | Enter the application group name to delete. Example: "Sample Application Group" | Text | Required |
Example Request
[ { "application_group_name": "Sample Application Group" } ]
Action: Add Application to Application Group
This action adds an application or application filter to an application group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Filter Name | Enter the name of the application or application filter to add. Example: "Sample Application Filter" | Text | Required | |
Application Group Name | Enter the name of the application group to add the filter. Example: "Sample Application Group" | Text | Required |
Example Request
[ { "application_group_name": "Sample Application Group", "application_filter_name": "Sample Application Filter" } ]
Action: Remove Application From Application Group
This action removes an application or application filter from an application group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Filter Name | Enter the application or application filter to remove. Example: "Sample Application Filter" | Text | Required | |
Application Group Name | Enter the application group to remove the application filter from. Example: "Sample Application Group" | Text | Required |
Example Request
[ { "application_group_name": "Sample Application Group", "application_filter_name": "Sample Application Filter" } ]
Action: List Applications
This action retrieves the list of all custom applications.
Action Input Parameters
This action does not require any input parameter.
Action: Create Application
This action creates an application object.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the name of the application. Example: "Sample Application" | Text | Required | |
Category | Enter the category of the application. Example: "business-systems" | Text | Required | |
Subcategory | Enter the subcategory of the application. Example: "auth-service" | Text | Optional | |
Description | Enter the description of the application. Example: "Sample Description" | Text | Optional | |
Tag | Enter the list of tags associated with the application. Example: $LIST["malware", "operations"] | List | Optional | |
Technology | Enter the type of technology associated with this application. Example: "peer-to-peer" | Text | Optional | |
Risk | Enter a numeric risk of the application. Example: 3 | Integer | Optional | |
Default type | Enter the default identification type of the application. Example: "sample-identification" | Text | Optional | |
Default ports | Enter the list of applicable ports. | List | Optional | |
Default IP protocol | Enter the default IP protocol. Example: "TCP" | Text | Optional | |
Default ICMP type | Enter the default ICMP type. Example: 2 | Integer | Optional | |
Default ICMP code | Enter the default ICMP code. Example: 3 | Integer | Optional | |
Parent app | Enter the parent application under which this app falls. Example: "Sample App" | Text | Optional | |
Timeout | Enter the default timeout. Example: 4 | Integer | Optional | |
TCP timeout | Enter the TCP timeout. Example: 5 | Integer | Optional | |
UDP timeout | Enter the UDP timeout. Example: 5 | Integer | Optional | |
TCP half closed timeout | Enter the TCP half-closed timeout. Example: 5 | Integer | Optional | |
TCP time wait timeout | Enter the TCP time-wait timeout. Example: 6 | Integer | Optional | |
Evasive behavior | Specify if the application is actively evasive. Example: $JSON[True] | Boolean | Optional | |
Consume big bandwidth | Specify if the application consumes excessive bandwidth. Example: $JSON[True] | Boolean | Optional | |
Used by malware | Specify if the application is used by malware. Example: $JSON[False] | Boolean | Optional | |
Able to transfer file | Specify if the application is able to transfer files. Example: $JSON[False] | Boolean | Optional | |
Has known vulnerability | Specify if the application has any known vulnerabilities. Example: $JSON[True] | Boolean | Optional | |
Tunnel other application | Specify if the application tunnels other applications. Example: $JSON[True] | Boolean | Optional | |
Tunnel applications | Enter the list of tunneled applications. Example: $LIST["tor"] | List | Optional | |
Prone to misuse | Specify if the application is prone to misuse. Example: $JSON[True] | Boolean | Optional | |
Pervasive use | Specify if the application has pervasive usage. Example: $JSON[True] | Boolean | Optional | |
File type identity | Specify the identified file type identity. Example: $JSON[False] | Boolean | Optional | |
Virus identity | Specify if the application is a virus. Example: $JSON[False] | Boolean | Optional | |
Data identity | Specify if the application affects data. Example: $JSON[False] | Boolean | Optional |
Example Request
[ { "name": "Sample Application", "category": "business-systems" } ]
Action: Delete Application
This action deletes an application from the Palo Alto Firewall.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Application Name | Enter the name of the application to delete. Example: "Sample Application" | Text | Required |
Example Request
[ { "application_name": "Sample Application" } ]
Action: List Global Protect Users
This action retrieves the list of all global protect users.
Action Input Parameters
This action does not require any input parameter.
Action: Disconnect Global Protect User
This action force logs out a user.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Gateway | Enter the gateway to log out the user from. Example: "sample gateway" | Text | Required | |
Username | Enter the username. Example: "sampleusername" | Text | Required | |
Computer | Enter the user's computer or device name. Example: "sample computer" | Text | Required |
Example Request
[ { "gateway": "sample gateway", "computer": "sample computer", "username": "sampleusername" } ]
Action: Edit Configuration
This action edits an object at the given xpath, and changes the element specified.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Xpath | Enter the xpath of the object to change. The xpath must not end with a '/' character. Example: "/config/devices/entry/vsys/entry/address/entry[@name=\"fake address\"]" | Text | Required | |
Element | Enter the element to be changed. The element is in XML. | Text | Required |
Example Request
[ { "xpath": "/config/devices/entry/vsys/entry/address/entry[@name=\"fake address\"]", "element": "<entry name=\"fake address\"><ip-netmask>2.2.2.2</ip-netmask></entry>", "ssl_verification": false } ]
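A pre-flight check for Edit Configuration inputs, added here as an example and not part of the connector or its documentation: it builds the xpath and element for an address object from a name and an IP value, and rejects inputs that would break the xpath rule above or leave the element and xpath pointing at different objects. The function names, the allowed name characters and the 63-character name limit are assumptions; the xpath and element shape follow the example request above.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Assumption: names are limited to this conservative set so that a name taken
# from playbook input cannot break out of the XPath predicate or the XML.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}")
# Parent xpath taken from the page's Edit Configuration example.
ADDRESS_XPATH = "/config/devices/entry/vsys/entry/address"
PREDICATE_RE = re.compile(r'/entry\[@name="([^"\]]*)"\]$')


def build_address_edit(name, ip_netmask):
    """Build the Edit Configuration input for one ip-netmask address object."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe address object name: {name!r}")
    # Accepts a host address or CIDR network; raises ValueError otherwise.
    ipaddress.ip_network(ip_netmask, strict=False)
    xpath = f'{ADDRESS_XPATH}/entry[@name="{name}"]'
    element = (f"<entry name={quoteattr(name)}>"
               f"<ip-netmask>{escape(ip_netmask)}</ip-netmask></entry>")
    return [{"xpath": xpath, "element": element}]


def check_edit_request(request):
    """Return the problems found in an Edit Configuration input (empty if none)."""
    problems = []
    for item in request:
        xpath, element = item.get("xpath", ""), item.get("element", "")
        if not xpath.startswith("/") or xpath.endswith("/"):
            problems.append("xpath must be absolute and must not end with '/'")
        if "<!" in element:  # no DOCTYPE or entity declarations before parsing
            problems.append("element must not contain '<!' markup")
            continue
        try:
            root = ET.fromstring(element)
        except ET.ParseError as exc:
            problems.append(f"element is not well-formed XML: {exc}")
            continue
        target = PREDICATE_RE.search(xpath)
        if target and root.get("name") != target.group(1):
            problems.append("element name does not match the xpath target")
    return problems


if __name__ == "__main__":
    request = build_address_edit("fake address", "2.2.2.2")
    print(request, check_edit_request(request))
```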
Action: Get Configuration
This action retrieves the configuration for the object specified.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Xpath | Enter the xpath of the object to retrieve. Example: "/devices/entry/vsys/entry/address" | Text | Required |
Example Request
[ { "xpath": "/devices/entry/vsys/entry/address" } ]