PAN-OS_Security_Advisories_Enrichment
This Script is part of the PAN-OS by Palo Alto Networks Pack.#
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
PANOSSecurityAdvisories_Enrichment#
This script enriches CVEs published by Palo Alto Networks with detailed vulnerability information from the official Palo Alto Networks Security Advisories website https://security.paloaltonetworks.com.
Description#
The script retrieves comprehensive vulnerability data including CVSS scores, affected products, version information, exploits, workarounds, and solutions from Palo Alto Networks' security advisories. It supports both CVE identifiers and PAN-SA advisory IDs, automatically determining the appropriate data source and format.
Inputs#
| Argument Name | Description | Required |
|---|---|---|
| cve_id | CVE ID(s) or PAN-SA advisory ID(s) to enrich (array) | Required |
Outputs#
| Path | Type | Description |
|---|---|---|
| PANOSSecurityAdvisories.Advisory.cve_id | String | CVE ID |
| PANOSSecurityAdvisories.Advisory.title | String | CVE Title |
| PANOSSecurityAdvisories.Advisory.description | String | Vulnerability description |
| PANOSSecurityAdvisories.Advisory.cve_url | String | Link to the PANW Security Advisories page |
| PANOSSecurityAdvisories.Advisory.cvss_score | Number | Base score of CVE |
| PANOSSecurityAdvisories.Advisory.cvss_severity | String | Base severity of CVE (LOW, MEDIUM, HIGH, CRITICAL) |
| PANOSSecurityAdvisories.Advisory.cvethreatscore | Number | Threat Score of the CVE |
| PANOSSecurityAdvisories.Advisory.cvethreatseverity | String | Threat Severity of CVE (LOW, MEDIUM, HIGH, CRITICAL) |
| PANOSSecurityAdvisories.Advisory.cvss_vector_string | String | CVSS Vector indicating metrics of attack |
| PANOSSecurityAdvisories.Advisory.cvss_table | Unknown | Metrics of the vulnerability |
| PANOSSecurityAdvisories.Advisory.affected_list | Unknown | List of affected products, their versions and changes introduced with fixes |
| PANOSSecurityAdvisories.Advisory.cveproductstatus | Unknown | List of affected products with platform information and fixed versions |
| PANOSSecurityAdvisories.Advisory.cpes | Unknown | Affected products defined by CPE |
| PANOSSecurityAdvisories.Advisory.published_date | Date | Date when it was published to the advisories page |
| PANOSSecurityAdvisories.Advisory.last_updated_date | Date | Date when it was last updated on the advisories page |
| PANOSSecurityAdvisories.Advisory.solution | String | Solution provided for the CVE |
| PANOSSecurityAdvisories.Advisory.workaround | String | Workaround for the CVE |
| PANOSSecurityAdvisories.Advisory.configurations | String | Required configurations for exploit |
| PANOSSecurityAdvisories.Advisory.exploits | String | Known exploits of this vulnerability in the field |
| PANOSSecurityAdvisories.Advisory.impact | String | Impact description of the vulnerability |
| PANOSSecurityAdvisories.Advisory.external_cve_list | Unknown | If input CVE is a PAN-SA advisory then list of related non-PANW CVEs |
Context Example#
Human Readable Output#
| Field | Value |
|---|---|
| CVE ID | CVE-2024-1234 |
| Title | OS Command Injection Vulnerability in PAN-OS |
| CVSS Score | 9.8 |
| Severity | CRITICAL |
| Published Date | 2024-04-10T16:00:00.000Z |
| Solution | This issue is fixed in PAN-OS 10.2.4-h16, PAN-OS 11.0.1, and all later PAN-OS versions. |
Notes#
- The script automatically handles both CVE and PAN-SA format inputs.
- For PAN-SA advisories, the script attempts to retrieve additional CSAF (Common Security Advisory Framework) data.
- Version information is parsed and sorted to provide clear affected/unaffected status.
- CVSS metrics are prioritized by score (highest first) when multiple metrics are available.
- External CVE references are included for PAN-SA advisories when available.
- The script connects to the Palo Alto Networks Security Advisories page for data retrieval.