# Execute Response Actions with Palo Alto Networks PAN-OS

In this guide, you'll set up a trusted relationship between Radiant and Palo Alto Networks PAN-OS to enable automated and one-click response actions. 

<details>

<summary><i class="fa-bolt-lightning">:bolt-lightning:</i> <mark style="color:red;">Available actions</mark></summary>

The following action is available after you set up the Palo Alto Networks PAN-OS action connector. Keep in mind, additional permissions are required.

* **Block IP Address**

</details>

At the end of this configuration, you will provide Radiant Security with the following:

* **Administrator Username**
* **Administrator Password**
* **PAN-OS BaseURL**

### Prerequisites

* [ ] Palo Alto: Administrator

{% hint style="info" %}
**Note:** The connector described in this document were tested on v9.1, v10.1 and v11.0, with v9.1 being the oldest present in <https://docs.paloaltonetworks.com/pan-os/>.
{% endhint %}

### Add an administrator in Palo Alto

1. Login to your Palo Alto firewall.
2. On the top navigation bar, click **Device.**
3. From the left navigation menu, click **Admin Roles.**
4. Add a new admin profile:

   * Name: `radiantsecurityadmin`

   <div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2FBjJrTY2Yu9BjSsih9uo4%2FPalo_Alto_Networks_Action_Connector_01.webp?alt=media&#x26;token=a7f2857b-904f-4a10-aae5-bae4324df74c" alt="" width="563"><figcaption></figcaption></figure></div>
5. Add the required permissions

   **XML API**

   * **Commit (Enable)**

   **REST API**

   * Objects - Addresses (Enable)
   * Objects - AddressGroups (Enable)
   * Device - VirtualSystems (Read Only)
6. Click **OK** to create the admin profile.
7. From the left navigation menu, click **Administrators.**
8. Add a new user with the following features:

<div align="left"><figure><img src="https://2439665791-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPsFulb2ZOtSPcRSc2rXE%2Fuploads%2F3hDbkphg3DZJ8OodimL5%2FPalo_Alto_Networks_Action_Connector_02.webp?alt=media&#x26;token=9c57d8df-84ca-48d4-ac93-715d25eada51" alt=""><figcaption></figcaption></figure></div>

* Name: `radiantsecurity`
* Administrator Type: **Role Based**
* Password: `<generated password>`
* Profile: **radiantsecurityadmin**
  * Choose the role created in the previous step

{% hint style="warning" %}
**Important note:** Save both **username** and **password** of the administrator profile. This will be provided to Radiant Security in a later step.
{% endhint %}

9\.   In the top navigation menu, click **Commit** to save the configuration changes.

{% hint style="warning" %}
**Important note:** On the connector configuration we must also save PAN-OS base URL. This is both the API domain to be used and PanOS web URL that we need to add to the Radiant connector.
{% endhint %}

### Create the action connector in Radiant Security

1. Login to [Radiant Security](https://app.radiantsecurity.ai/).
2. Navigate to **Settings** > **Action Connectors** and click **+ Add Connector**.
3. Search for and select **Palo Alto Networks PAN-OS** and then click **Credentials**.
4. Under **Credential** **Name**, enter a credential name (`PAN-credentials` for example)
5. Under **Required** **Credentials**, add the information you obtained from the previous step:&#x20;
   * **Administrator Username**
   * **Administrator Password**
   * **PAN-OS BaseURL**
6. Click **Add Connector** to save your changes.

{% hint style="info" %}
**Note:** The base URL is the FQDN or Public IP Address of the Palo Alto Firewall or Panorama followed by the version. For example: `https://111.163.30.32/restapi/9.1/`
{% endhint %}

{% hint style="warning" %}
**Important note:** Palo Alto Firewall must be reachable for Radiant to execute the actions.
{% endhint %}