Palo Alto
IBM® QRadar® Risk Manager supports the Palo Alto adapter. The Palo Alto adapter uses the PAN-OS XML-based REST API to communicate with Palo Alto firewall devices.
The adapter supports the following features:
- Neighbor data support
- Dynamic NAT
- Static NAT
- Static routing
- SNMP discovery
- IPSEC Tunneling/VPN
- Applications
- User/Groups
- HTTPS connection protocol
The following table describes the integration requirements for the Palo Alto adapter.
Integration requirement | Description |
---|---|
Versions | PAN-OS Versions 10.2.2 or earlier |
Minimum user access level | Superuser (full access) is required for PA devices with External Dynamic Lists or Fully Qualified Domain Name (FQDN) objects to perform system-level commands. Superuser (read-only) for all other PA devices. |
SNMP discovery | SysDescr matches 'Palo Alto Networks(.*)series firewall' or sysOid matches 'panPA' |
Required credential parameters. To add credentials in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. | Username, Password |
Supported connection protocols. To add protocols in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. | HTTPS |
Required commands to use for the backup operation. | |
Optional commands to use for the backup operation. | For PAN-OS versions 7.0 and earlier: For PAN-OS versions 7.1 and higher: |
Required commands to use for telemetry and neighbor data. | |
Optional commands to use for telemetry and neighbor data. | |
Required commands to use for the GetApplication. | |