IBM Support

Palo Alto adapter for QRadar Risk Manager

Product Documentation


Abstract

The IBM® Security QRadar® Risk Manager Palo Alto adapter supports the Palo Alto network firewall device for the Palo Alto Networks operating system (PAN-OS). The Palo Alto adapter uses the PAN-OS XML-based REST application programming interface (API) to communicate with devices and interpret the XML-based responses.

Content

Important: The adapter does not return policy and filter data.

To send a command to a device, you make an HTTPS request to a URL. The command format for the request is https://deviceIPAddress/api/?type=op&cmd=command

Where command is a set of XML tags or an XPath.

The following example is for a set of XML tags.

<show><system><info></info></system></show>

The following example is an XPath:

/config/predefined/service

The following table describes the integration requirements for the Palo Alto adapter.

Integration requirement: Description

Versions: PAN-OS version 4.1.0 and later.

Neighbor data support: Supported

SNMP discovery: SysDescr matches 'Palo Alto Networks(.*)series firewall' or sysOid matches 'panPA'

Required credential parameters:

Username

Password

Use SuperReader access for credentials.

Connection protocols: HTTPS

Commands that are used for backup operation:

<show><system><info></info></system></show>

<show><config><running></running></config></show>

<show><routing><route></route></routing></show>

<show><virtual-wire>all</virtual-wire></show>

<show><vlan>all</vlan></show>

<show><interface>all</interface></show>

<show><system><disk-space></disk-space></system></show>

<show><system><resources></resources></system></show>

/config/predefined/service

Commands that are used for telemetry and neighbor data:

<show><system><info></info></system></show>

<show><interface>all</interface></show>

<show><routing><interface></interface></routing></show>

<show><counter><interface>all</interface></counter></show>

<show><arp>all</arp></show>

<show><mac>all</mac></show>

<show><routing><route></route></routing></show>

Commands that are used to query the application definitions on the device:

<show><config><running></running></config></show>

/config/predefined/application
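
The following is an added example, not IBM's adapter code: a pre-flight check that builds a request URL in the format shown above with the XML command percent-encoded, then applies the SNMP discovery patterns and the minimum PAN-OS version from the requirements table. It assumes that sysOid is passed as a symbolic name, that the patterns are unanchored searches, and that the reply to the system info command is a `<response status="success">` element containing `result/system/sw-version`; the device address and sample values are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Patterns and minimum version come from the requirements table on this page.
SYSDESCR_RE = re.compile(r"Palo Alto Networks(.*)series firewall")
SYSOID_RE = re.compile(r"panPA")
MIN_VERSION = (4, 1, 0)

def op_url(device, command):
    """Request URL in the page's format; the XML command is percent-encoded."""
    return f"https://{device}/api/?type=op&cmd={quote(command, safe='')}"

def snmp_matches(sys_descr, sys_oid):
    """SNMP discovery rule: either pattern is enough (unanchored search assumed)."""
    return bool(SYSDESCR_RE.search(sys_descr) or SYSOID_RE.search(sys_oid))

def sw_version(response_xml):
    """Read sw-version from a system info reply; reject error replies."""
    root = ET.fromstring(response_xml)
    if root.tag != "response" or root.get("status") != "success":
        raise ValueError("device did not return a successful response")
    text = root.findtext("./result/system/sw-version")
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text or "")
    if match is None:
        raise ValueError("sw-version missing or not in major.minor.patch form")
    return tuple(int(part) for part in match.groups())

def supported(sys_descr, sys_oid, response_xml):
    """True when the device passes discovery and runs PAN-OS 4.1.0 or later."""
    return snmp_matches(sys_descr, sys_oid) and sw_version(response_xml) >= MIN_VERSION

# Constructed sample data, not captured from a real device.
SAMPLE_DESCR = "Palo Alto Networks PA-3000 series firewall"
SAMPLE_OID = "panPA-3020"
SAMPLE_REPLY = """<response status="success"><result><system>
  <hostname>fw-lab-01</hostname><sw-version>8.1.3-h2</sw-version>
</system></result></response>"""

if __name__ == "__main__":
    print(op_url("192.0.2.10", "<show><system><info></info></system></show>"))
    print(supported(SAMPLE_DESCR, SAMPLE_OID, SAMPLE_REPLY))
```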


Document Information

Modified date:
17 June 2018

UID

swg27041702