
https://github.com/paloaltonetworks/panos-set-additional-threat-log

In PAN-OS 8.1.2, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.

# panos-set-additional-threat-log
In PAN-OS 8.1.2 and higher, Palo Alto introduced additional threat logging that is enabled with an OP/CLI command. This application is a tool that allows you to enable the feature on multiple firewalls directly or through Panorama.

The following command enables the feature:

```
set system setting additional-threat-log on
```

Explanation of the feature:

The command enables the firewall to generate Threat logs for a teardrop attack and for a DoS attack using ping of death.
The firewall also generates Threat logs for packet types covered by packet-based attack protection, provided the
corresponding protection is enabled. For example, if you enable packet-based attack protection for spoofed IP addresses,
running the OP/CLI command above causes the firewall to generate a Threat log when it receives and drops a packet
with a spoofed IP address.

For more information on this feature visit the following link:

https://live.paloaltonetworks.com/t5/blogs/pan-os-8-1-2-introduces-new-log-options/ba-p/217858

```
usage: panos-set-additional-threat-log.py [-h] {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file} ..

Palo Alto Set Additional Threat Log Tool

optional arguments:
  -h, --help            show this help message and exit

subcommands:
  For a list of arguments for each command, type panos-set-additional-threat-log.py -h

  {panorama_all,firewall_list,panorama_list,firewall_file,panorama_file}
    panorama_all        Run on all devices connected to Panorama
    firewall_list       Run direct on list of firewalls by FQDN or IP
    panorama_list       Run through Panorama on list of firewalls by Serial, Name, or Management IP
    firewall_file       Run direct on list of firewalls from a file
    panorama_file       Run on list of firewalls from a file through Panorama
```

Examples:

```
python panos-set-additional-threat-log.py firewall_file -u admin -v -f firewall_list.txt
python panos-set-additional-threat-log.py panorama_list -u admin -v -l 015351000011111 PA-VM-50-A -m 192.168.100.100
```

To see the help specific to a subcommand:

```
python panos-set-additional-threat-log.py panorama_file -h

usage: panos-set-additional-threat-log.py panorama_file [-h] [-u USERNAME] [-m PANORAMA] [-p PASSWORD] [-v] [-f FILENAME]

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        Username for login
  -m PANORAMA, --panorama PANORAMA
                        Panorama IP address
  -p PASSWORD, --password PASSWORD
                        Password for login - recommend not using this on command line
  -v, --verbose         Print responses to console
  -f FILENAME, --filename FILENAME
                        File containing firewall FQDN's and IP's one per line
```

Requirements:

```
pip install pan-os-python
```

Verification:

Run the following operational command to verify if the setting is enabled:

```
firewall> show system state filter cfg.general.additional-threat-log
```

If it is already enabled on the firewall, the command will return the following:

```
cfg.general.additional-threat-log: True
```

If the response is empty or if the setting is False, then the additional threat logs are disabled.
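One way to apply the verification rule above across several firewalls, as an added example that is not part of the original README or the project's code. It assumes the output of the `show system state filter` command was captured as text per firewall; the hostnames and sample outputs are constructed.

```python
import re

# State key and value format as shown in the README's verification step.
STATE_KEY = "cfg.general.additional-threat-log"
_LINE = re.compile(r"^\s*" + re.escape(STATE_KEY) + r":\s*(\S+)\s*$", re.MULTILINE)


def additional_threat_log_enabled(cli_output: str) -> bool:
    """Return True only if the captured output reports the key as True.

    Empty output and a value of False both mean disabled, per the README.
    Any unrecognised value is treated as disabled so gaps are not hidden.
    """
    match = _LINE.search(cli_output or "")
    return bool(match) and match.group(1) == "True"


def audit(captured: dict) -> dict:
    """Split firewalls into enabled and disabled lists from captured output."""
    report = {"enabled": [], "disabled": []}
    for name, output in sorted(captured.items()):
        key = "enabled" if additional_threat_log_enabled(output) else "disabled"
        report[key].append(name)
    return report


# Constructed sample data: hostnames and outputs are made up for illustration.
SAMPLE = {
    "fw-edge-01": "cfg.general.additional-threat-log: True\n",
    "fw-edge-02": "",  # empty response: feature never enabled
    "fw-dc-01": "cfg.general.additional-threat-log: False\n",
    # Output pasted together with the prompt and echoed command.
    "fw-dc-02": "admin@fw-dc-02> show system state filter "
                "cfg.general.additional-threat-log\n\n"
                "cfg.general.additional-threat-log: True\n",
}

if __name__ == "__main__":
    result = audit(SAMPLE)
    for name in result["disabled"]:
        print(f"{name}: additional threat log DISABLED")
    print(f"{len(result['enabled'])} enabled, {len(result['disabled'])} disabled")
```

Firewalls reported as disabled are the ones that will not produce Threat logs for dropped packets, so they are the ones to pass to the tool.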

## More Information

Please see http://github.com/PaloAltoNetworks/panos-set-additional-threat-log for more information

## Contributing

Feel free to open issues, offer feedback, and send Pull Requests to our GitHub repository where this code is hosted.

## Disclaimer

This software is provided without support, warranty, or guarantee.
Use at your own risk.