Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Palo Alto Networks

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Templates
Moderator
Posts: 84
Registered: ‎06-21-2017
Moderator
Moderator
Posts: 69

Hello,

 

We are excited to announce the availability of Infoblox integration with Palo Alto Networks Firewalls.

 

The integration of DNS security and vulnerability scanners enables security and incident response teams to enhance visibility, manage assets, and automate remediation. You can improve your security posture while maximizing the ROI from both products. This integration is built with the Infoblox Outbound REST API.

 

Don’t forget to watch the quick demo video shown below:

 

 

In the attached documents you will find the templates for the Palo Alto integration in PDF and txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production.

 

The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level:

           

Extensible Attribute

Description

PaloAlto_Asset_Sync

Serves as toggle to turn off sync for Asset events. Set default as true to turn on sync. Enable Inheritance in the setup wizard.

PaloAlto_Asset_SyncedAt

 

Updated with timestamp on an asset event. This attribute is created on the specific IP by the WAPI call when not present.

PaloAlto_Security_Sync

 

Serves as toggle to turn on/off sync for Security events. Enable “Inheritance” in the setup wizard and the external attribute from the network level is inherited and used. Default value can be set true.

PaloAlto_Security_SyncedAt

 

Updated with timestamp on a security event. This attribute is created on the specific IP by the WAPI call when not present.

 

the templates require Session variables described in the table below:

 

Session Variable

Description

PaloAlto_Host_Allow

The address group object which needs to be populated on the firewall for allowed hosts. This should be the same as the address group object created through the Palo Alto configuration. Set a default value (eg: Iblox_Host_Allow).

PaloAlto_Host_Deny

The address group object which needs to be populated on the firewall for denied hosts. This should be the same as the address group object created through the Palo Alto configuration. Set a default value (eg: Iblox_Host_Deny).

 
 
Re: Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Template
New Member
Posts: 1
Registered: ‎09-05-2017
New Member
Posts: 1

I have attached modified template that included auto-commit on Palo Alto firewall. This template will commit only the changes that an API user made. All other configurations by other admins will not commit to the firewall.

Showing results for 
Search instead for 
Did you mean: