Skip to main content

PAN-OS Policy Optimizer (Beta)

This Integration is part of the PAN-OS Policy Optimizer (beta) Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

beta

This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

Automate your AppID Adoption by using this integration together with your Palo Alto Networks Next-Generation Firewall or Panorama. This integration was integrated and tested with version 8 up to version 10.1.6 and version 10.2.0 of PAN-OS Policy Optimizer. Moved to beta due to the lack of a formal API.

Configure PAN-OS Policy Optimizer (Beta) in Cortex#

ParameterRequired
Server URL (e.g., https://192.168.0.1:443)True
UsernameTrue
PasswordTrue
Vsys - Firewall instances onlyFalse
Device Group - Panorama instances onlyFalse
PAN-OS Version (The exact version, e.g., 10.1.4, 1.1, 9)False
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pan-os-po-get-stats#


Gets the Policy Optimizer statistics.

Base Command#

pan-os-po-get-stats

Input#

Argument NameDescriptionRequired
positionWhether to get pre-rules statistics or post-rules statistics. 'pre' for pre rules, 'post' for post-rules. Only for Panorama instances. Possible values are: pre, post. Default is pre.Optional

Context Output#

PathTypeDescription
PanOS.PolicyOptimizer.Stats.no_app_specifiedNumberNumber of rules with no apps specified.
PanOS.PolicyOptimizer.Stats.unusedNumberNumber of unused security policies.
PanOS.PolicyOptimizer.Stats.unused_appsNumberNumber of unused apps in security policies.
PanOS.PolicyOptimizer.Stats.unused_in_30_daysNumberNumber of unused security policies in 30 days.
PanOS.PolicyOptimizer.Stats.unused_in_90_daysNumberNumber of unused security policies in 90 days.

Command Example#

!pan-os-po-get-stats

Context Example#

{
"PanOS": {
"PolicyOptimizer": {
"Stats": {
"no_app_specified": "1",
"unused": "8",
"unused_apps": "0",
"unused_in_30_days": "13",
"unused_in_90_days": "12"
}
}
}
}

Human Readable Output#

Policy Optimizer Statistics:#

@nametext
no_app_specified1
unused_apps0
unused_in_30_days13
unused_in_90_days12
unused8

pan-os-po-no-apps#


Shows all security policies with no apps specified.

Base Command#

pan-os-po-no-apps

Input#

Argument NameDescriptionRequired
positionWhether to get pre-rules with no apps or post-rules with no apps. 'pre' for pre rules, 'post' for post-rules. Only for Panorama instances. Possible values are: pre, post. Default is pre.Optional

Context Output#

PathTypeDescription
PanOS.PolicyOptimizer.NoAppsUnknownContains information about the rules that have no apps specified. For example, Source and Destination.

Command Example#

!pan-os-po-no-apps

Context Example#

{
"PanOS": {
"PolicyOptimizer": {
"NoApps": {
"@__recordInfo": "{\"permission\":\"readonly\",\"xpathId\":\"panorama\",\"vsysName\":\"vsys1\",\"position\":\"pre\"}",
"@loc": "Lab-Devices",
"@name": "pano_rule",
"@panorama": "true",
"@uuid": "uuid",
"action": "allow",
"application": {
"member": [
"any"
]
},
"apps-allowed-count": "0",
"apps-seen-count": "72",
"bytes": "84800223916",
"category": {
"member": [
"any"
]
},
"days-no-new-app-count": "193",
"description": "a test rule for the move function",
"destination": {
"member": [
"any"
]
},
"first-hit-timestamp": "1602403843",
"from": {
"member": [
"any"
]
},
"hip-profiles": {
"member": [
"any"
]
},
"hit-count": "32193134",
"last-app-seen-since-count": "193",
"last-hit-timestamp": "1602468975",
"last-reset-timestamp": "0",
"rule-creation-timestamp": "1575916248",
"rule-modification-timestamp": "1614045009",
"service": {
"member": [
"application-default"
]
},
"source": {
"member": [
"any"
]
},
"source-user": {
"member": [
"any"
]
},
"to": {
"member": [
"any"
]
}
}
}
}
}

Human Readable Output#

Policy Optimizer No App Specified:#

@name@uuidactiondescriptionsourcedestination
pano_ruleuuidallowa test rule for the move functionmember: anymember: any

pan-os-po-unused-apps#


Gets the unused apps.

Base Command#

pan-os-po-unused-apps

Input#

Argument NameDescriptionRequired
positionWhether to get pre-rules unused apps or post-rules unused apps. 'pre' for pre rules, 'post' for post-rules. Only for Panorama instances. Possible values are: pre, post. Default is pre.Optional

Context Output#

PathTypeDescription
PanOS.PolicyOptimizer.UnusedAppsStringShows all security rules with unused apps.

pan-os-po-get-rules#


Gets unused, used, or any rules.

Base Command#

pan-os-po-get-rules

Input#

Argument NameDescriptionRequired
timeframeThe time frame in days to show the unused rules. Default is 30.Optional
usageRule usage type to filter by. Can be Unused, Used, or Any. Possible values are: Unused, Used, Any. Default is Unused.Optional
excludeWhether to exclude rules reset during the last x days, where x is the value defined in the timeframe argument. It will not exclude rules by default. Possible values are: false, true. Default is false.Optional
positionWhether to get pre-rules, post-rules or both. 'pre' for pre rules, 'post' for post-rules, only for panorama instances. Possible values are: pre, post, both. Default is both.Optional
rule_typeWhich type of rules to query. Possible values are: security, nat, qos, pbf, decryption, tunnel-inspect, application-override, authentication, dos, sdwan. Default is security.Optional
limitThe maximum number of rules to return. Default is 200.Optional
page_sizeThe amount of items to return in each paginated call. Can only be a value of up to 200. Default is 200.Optional
pageA specific pagination page to get items from.Optional

Context Output#

PathTypeDescription
PanOS.PolicyOptimizer.UnusedRulesStringShows all unused security rules.
PanOS.PolicyOptimizer.AnyRulesStringShows all security rules.
PanOS.PolicyOptimizer.UsedRulesStringShows all used security rules.

Command Example#

!pan-os-po-get-rules usage=Any

Context Example#

{
"PanOS": {
"PolicyOptimizer": {
"AnyRules": [
{
"@__recordInfo": "{\"permission\":\"readonly\",\"xpathId\":\"panorama\",\"vsysName\":\"vsys1\",\"position\":\"pre\"}",
"@loc": "Lab-Devices",
"@name": "tip rule",
"@panorama": "true",
"@uuid": "uuid",
"action": "allow",
"application": {
"member": [
"any"
]
},
"apps-allowed-count": "0",
"apps-seen-count": "0",
"bytes": "0",
"category": {
"member": [
"any"
]
},
"days-no-new-app-count": [],
"destination": {
"member": [
"any"
]
},
"first-hit-timestamp": "0",
"from": {
"member": [
"any"
]
},
"hip-profiles": {
"member": [
"any"
]
},
"hit-count": "0",
"last-app-seen-since-count": [],
"last-hit-timestamp": "0",
"last-reset-timestamp": "0",
"rule-creation-timestamp": "1575925916",
"rule-modification-timestamp": "1614045009",
"service": {
"member": [
"application-default"
]
},
"source": {
"member": [
"tip"
]
},
"source-user": {
"member": [
"any"
]
},
"to": {
"member": [
"any"
]
}
}
]
}
}
}

Human Readable Output#

PolicyOptimizer AnyRules:#

@name@uuidactiondescriptionsourcedestination
tip ruleuuidallowmember: tipmember: any

pan-os-po-app-and-usage#


Gets the app usage statistics for a specific security rule.

Base Command#

pan-os-po-app-and-usage

Input#

Argument NameDescriptionRequired
rule_uuidThe UUID of the security rule.Required

Context Output#

PathTypeDescription
PanOS.PolicyOptimizer.AppsAndUsageUnknownShows detailed app usage statistics for specific security rules.

Command Example#

!pan-os-po-app-and-usage rule_uuid=uuid

Human Readable Output#

Rule with UUID:{uuid} does not use apps.

pan-os-get-dag#


Gets a specific dynamic address group.

Base Command#

pan-os-get-dag

Input#

Argument NameDescriptionRequired
dagDynamic address group name.Required

Context Output#

There is no context output for this command.