Palo Alto Networks PAN-OS

Configure the action connector for Palo Alto Networks PAN-OS.

In this guide, you'll set up a trusted relationship between Radiant and Palo Alto Networks PAN-OS to enable automated and one-click response actions.

Available actions

The following action is available after you set up the Palo Alto Networks PAN-OS action connector. Keep in mind, additional permissions are required.

  • Block IP Address

At the end of this configuration, you will provide Radiant Security with the following:

  • Administrator Username

  • Administrator Password

  • PAN-OS BaseURL

Prerequisites

Note: The connector described in this document were tested on v9.1, v10.1 and v11.0, with v9.1 being the oldest present in https://docs.paloaltonetworks.com/pan-os/.

Add an administrator in Palo Alto

  1. Login to your Palo Alto firewall.

  2. On the top navigation bar, click Device.

  3. From the left navigation menu, click Admin Roles.

  4. Add a new admin profile:

    • Name: radiantsecurityadmin

  5. Add the required permissions

    XML API

    • Commit (Enable)

    REST API

    • Objects - Addresses (Enable)

    • Objects - AddressGroups (Enable)

    • Device - VirtualSystems (Read Only)

  6. Click OK to create the admin profile.

  7. From the left navigation menu, click Administrators.

  8. Add a new user with the following features:

  • Name: radiantsecurity

  • Administrator Type: Role Based

  • Password: <generated password>

  • Profile: radiantsecurityadmin

    • Choose the role created in the previous step

9. In the top navigation menu, click Commit to save the configuration changes.

Create the action connector in Radiant Security

  1. Navigate to Settings > Action Connectors and click + Add Connector.

  2. Search for and select Palo Alto Networks PAN-OS and then click Credentials.

  3. Under Credential Name, enter a credential name (PAN-credentials for example)

  4. Under Required Credentials, add the information you obtained from the previous step:

    • Administrator Username

    • Administrator Password

    • PAN-OS BaseURL

  5. Click Add Connector to save your changes.

Note: The base URL is the FQDN or Public IP Address of the Palo Alto Firewall or Panorama followed by the version. For example: https://111.163.30.32/restapi/9.1/

Last updated