4 Palo Alto Networks’ tools you have to discover!

What is it?

PAN-Configurator is a PHP library aimed at making PANOS config changes easy. It may seem a little complex compared to the GUI based approach of the Palo Alto platform, but the commands are straightforward and the documentation provides some examples to get you started.

The tool can be used to manage large rulebases, execute complex rule merges, track unused objects and other actions which are not directly offered by the standard GUI.

The PAN configurator allows you to:

• Add a security profile (group) to all security policies which match certain characteristics like Zone, Dervice, Tag, … Example: Apply a stricter security profile to all policies which allow outbound web traffic.
• Find duplicate objects and replace or merge them.
• Tag rules and objects based on match criteria to create a more structured rulebase or highlight unsecure policies which need reviewing.

Where can I find the PAN-configurator?

The tool comes as a free download at GitHub.

More information can be found on the Palo Alto Networks Live platform.

What is it?

The Best Practice Assessment (BPA) tool, created by Palo Alto Networks, evaluates a device’s configuration by measuring the adoption of capabilities, validating whether the policies adhere to best practices, and providing recommendations and instructions for how to remediate failed best practice checks. The tool performs more than 200 security checks on a firewall or Panorama configuration and provides a pass/fail score for each check.

The BPA tool is easy to use and provides an instant report.

• Use it to (regularly) review existing customer’s configuration and pinpoint insecure policies.
• Use it as a check list for new installations.
• Evaluate which remarks are valid, or which are not relevant for a specific environment.

Please note that best practices always depend on a customer’s environment. The results should always be interpreted by an experienced engineer. The tool is fast, easy to use and provides an excellent starting point for a more secure and above all consistent configuration.

Where can I find the BPA tool?

Upload config files to the BPA tool at the Palo Alto Customer Success portal.

 What is it?

MineMeld is an open-source application that streamlines the aggregation, enforcement and sharing of threat intelligence. The tool consists of 3 components.

• Miners which extract list of indicators (of compromise) from known sources.
• Aggregators which manipulate these lists to include, exclude or merge objects.
• The output component which provides a list readable by the Palo Alto Networks firewall using external dynamic lists (or dynamic address groups).

MineMeld is a great tool for SOC-based operations and can help with automating some daily (NOC) tasks.

• Track all IPs and URLs associated with Office365 and all its sub-components (Skype for Business, SharePoint online, Yammer, …) to create specific URL filtering profiles, or Policy based Forwarding policies to route certain traffic.
• Use an existing file hosted on a SharePoint to populate URL allow and block lists. This provides fully managed customers the ability to control their own URL lists without the need for login credentials to the Palo Alto Networks firewalls.
• Increase the security of your appliance by leveraging external threat intelligence sources and creating block policies based on indicators of compromise (IOCs) seen in the wild.

Discover more about Response & Detect

Where can I find MineMeld?

MineMeld is available for all users directly on GitHub, as well as pre-built virtual machines (VMs) for easy deployment.