elastic · shmsr · Sep 17, 2024 · Aug 29, 2024 · Aug 31, 2024 · Aug 31, 2024
@@ -216,6 +216,7 @@ CHANGELOG*
 /x-pack/metricbeat/module/istio/ @elastic/obs-cloudnative-monitoring
 /x-pack/metricbeat/module/mssql @elastic/obs-infraobs-integrations
 /x-pack/metricbeat/module/oracle @elastic/obs-infraobs-integrations
+/x-pack/metricbeat/module/panw @elastic/obs-infraobs-integrations
 /x-pack/metricbeat/module/prometheus/ @elastic/obs-cloudnative-monitoring
 /x-pack/metricbeat/module/redisenterprise @elastic/obs-infraobs-integrations
 /x-pack/metricbeat/module/sql @elastic/obs-infraobs-integrations

@@ -2720,6 +2720,31 @@ Redistribution and use in source and binary forms, with or without modification,
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+--------------------------------------------------------------------------------
+Dependency : github.com/PaloAltoNetworks/pango
+Version: v0.10.2
+Licence type (autodetected): ISC
+--------------------------------------------------------------------------------
+
+Contents of probable licence file $GOMODCACHE/github.com/!palo!alto!networks/pango@v0.10.2/LICENSE:
+
+Distributed under ISC license:
+
+Copyright (c) 2014-2016, Palo Alto Networks Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
 --------------------------------------------------------------------------------
 Dependency : github.com/elastic/sarama
 Version: v1.19.1-0.20220310193331-ebc2b0d8eef3

@@ -394,6 +394,7 @@ require (
 
 require (
 	cloud.google.com/go/storage v1.43.0
+	github.com/PaloAltoNetworks/pango v0.10.2
 	github.com/dlclark/regexp2 v1.4.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/moby/term v0.5.0 // indirect

@@ -215,6 +215,8 @@ github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbV
 github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8=
 github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk=
 github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY=
+github.com/PaloAltoNetworks/pango v0.10.2 h1:Tjn6vIzzAq6Dd7N0mDuiP8w8pz8k5W9zz/TTSUQCsQY=
+github.com/PaloAltoNetworks/pango v0.10.2/go.mod h1:GztcRnVLur7G+VFG7Z5ZKNFgScLtsycwPMp1qVebE5g=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=

diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc
@@ -69,6 +69,7 @@ grouped in the following categories:
 * <<exported-fields-nginx>>
 * <<exported-fields-openmetrics>>
 * <<exported-fields-oracle>>
+* <<exported-fields-panw>>
 * <<exported-fields-php_fpm>>
 * <<exported-fields-postgresql>>
 * <<exported-fields-process>>
@@ -57152,6 +57153,50 @@ format: bytes
 
 --
 
+[[exported-fields-panw]]
+== Panw fields
+
+PAN-OS module
+
+
+[float]
+=== panw
+
+PAN-OS module
+
+
+
+*`panw.interfaces.example`*::
++
+--
+type: keyword
+
+--
+
+
+*`panw.routing.example`*::
++
+--
+type: keyword
+
+--
+
+
+*`panw.system.example`*::
++
+--
+type: keyword
+
+--
+
+
+*`panw.vpn.example`*::
++
+--
+type: keyword
+
+--
+
 [[exported-fields-php_fpm]]
 == PHP_FPM fields
 

diff --git a/metricbeat/docs/modules/panw.asciidoc b/metricbeat/docs/modules/panw.asciidoc
@@ -0,0 +1,143 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+
+:modulename: panw
+:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/_meta/docs.asciidoc
+
+
+[[metricbeat-module-panw]]
+[role="xpack"]
+== Panw module
+
+beta[]
+
+:modulename: panw
+
+include::{libbeat-dir}/shared/integration-link.asciidoc[]
+
+:modulename!:
+
+The panw Metricbeat module uses the Palo Alto [pango](https://pkg.go.dev/github.com/PaloAltoNetworks/pango#section-documentation) package to extract metrics
+information from a firewall device via the XML API.
+
+[float]
+=== Dashboards
+
+
+[float]
+=== Module-specific configuration notes
+
+The panw module configuration requires the ip address of the target firewall device and an API Key generated from that firewall. It is assumed
+that network access to the firewall is available. All access by the panw module is read-only.
+
+***Limitations***
+The current version of the module is configured to run against **exactly 1** firewall. Multiple firewalls will require multiple agent configurations. 
+The module has also not been tested with Panorama, though it should work since it only relies on lower level Client.Op calls to send XML API commands 
+to the server.
+
+Required credentials for the `panw` module:
+
+`host_ip` :: IP address of the firewall - must be network accessible.
+
+`apiKey`:: An API Key generated via an XML API call to the firewall or via the management dashboard. This
+
+
+[float]
+== Metricsets
+
+[float]
+=== `bgp_peers`
+This metricset reports information on BGP Peers defined in the firewall.
+
+[float]
+=== `certificates`
+This metricset will capture certificates defined on the firewall including expiration dates.
+
+[float]
+=== `fans`
+This metricset will collect information from hardware fans (RPMS) and will report if an alarm is active for a given fan.
+
+[float]
+=== `filesystem`
+This metricset reports disk usage for filesystems defined on the device, based on df output.
+
+[float]
+=== `globalprotect_sessions`
+This metricset will collect metrics on current user sessions established on Global Protect gateways.
+
+[float]
+=== `globalprotect_stats`
+This metricset reports the number of user per GlobalProtect gateway and totals across all gateways.
+
+[float]
+=== `ha_interfaces`
+This metricset will collect metrics from the device on High Availabilty configuration for interfaces.
+
+[float]
+=== `licenses`
+This metricset reports on licenses for sofware features with expiration dates.
+
+[float]
+=== `logical`
+This metricset will collect metrics on logical interfaces in the device's network.
+
+[float]
+=== `power`
+This metricset reports power usage and alarms.
+
+[float]
+=== `system`
+This metricset captures system informate such as uptime, user count, CPU, memory and swap: essentiallyl the first 5 lines of 'top' output. 
+
+[float]
+=== `temperature`
+This metricset reports temperature for various slots on the device and reports on alarm status. 
+
+[float]
+=== `tunnels`
+This metricset enumerates ipsec tunnels and their status.
+
+
+
+:edit_url:
+
+[float]
+=== Example configuration
+
+The Panw module supports the standard configuration options that are described
+in <<configuration-metricbeat>>. Here is an example configuration:
+
+[source,yaml]
+----
+metricbeat.modules:
+- module: panw
+  metricsets: ["licenses"]
+  enabled: false
+  period: 10s
+  hosts: ["localhost"]
+
+----
+
+[float]
+=== Metricsets
+
+The following metricsets are available:
+
+* <<metricbeat-metricset-panw-interfaces,interfaces>>
+
+* <<metricbeat-metricset-panw-routing,routing>>
+
+* <<metricbeat-metricset-panw-system,system>>
+
+* <<metricbeat-metricset-panw-vpn,vpn>>
+
+include::panw/interfaces.asciidoc[]
+
+include::panw/routing.asciidoc[]
+
+include::panw/system.asciidoc[]
+
+include::panw/vpn.asciidoc[]
+
+:edit_url!:
diff --git a/metricbeat/docs/modules/panw/interfaces.asciidoc b/metricbeat/docs/modules/panw/interfaces.asciidoc
@@ -0,0 +1,29 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/interfaces/_meta/docs.asciidoc
+
+
+[[metricbeat-metricset-panw-interfaces]]
+[role="xpack"]
+=== Panw interfaces metricset
+
+beta[]
+
+include::../../../../x-pack/metricbeat/module/panw/interfaces/_meta/docs.asciidoc[]
+
+
+:edit_url:
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-panw,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../../x-pack/metricbeat/module/panw/interfaces/_meta/data.json[]
+----
+:edit_url!:
diff --git a/metricbeat/docs/modules/panw/routing.asciidoc b/metricbeat/docs/modules/panw/routing.asciidoc
@@ -0,0 +1,29 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/routing/_meta/docs.asciidoc
+
+
+[[metricbeat-metricset-panw-routing]]
+[role="xpack"]
+=== Panw routing metricset
+
+beta[]
+
+include::../../../../x-pack/metricbeat/module/panw/routing/_meta/docs.asciidoc[]
+
+
+:edit_url:
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-panw,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../../x-pack/metricbeat/module/panw/routing/_meta/data.json[]
+----
+:edit_url!:
diff --git a/metricbeat/docs/modules/panw/system.asciidoc b/metricbeat/docs/modules/panw/system.asciidoc
@@ -0,0 +1,29 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/system/_meta/docs.asciidoc
+
+
+[[metricbeat-metricset-panw-system]]
+[role="xpack"]
+=== Panw system metricset
+
+beta[]
+
+include::../../../../x-pack/metricbeat/module/panw/system/_meta/docs.asciidoc[]
+
+
+:edit_url:
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-panw,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../../x-pack/metricbeat/module/panw/system/_meta/data.json[]
+----
+:edit_url!:
diff --git a/metricbeat/docs/modules/panw/vpn.asciidoc b/metricbeat/docs/modules/panw/vpn.asciidoc
@@ -0,0 +1,29 @@
+////
+This file is generated! See scripts/mage/docs_collector.go
+////
+:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/vpn/_meta/docs.asciidoc
+
+
+[[metricbeat-metricset-panw-vpn]]
+[role="xpack"]
+=== Panw vpn metricset
+
+beta[]
+
+include::../../../../x-pack/metricbeat/module/panw/vpn/_meta/docs.asciidoc[]
+
+
+:edit_url:
+
+==== Fields
+
+For a description of each field in the metricset, see the
+<<exported-fields-panw,exported fields>> section.
+
+Here is an example document generated by this metricset:
+
+[source,json]
+----
+include::../../../../x-pack/metricbeat/module/panw/vpn/_meta/data.json[]
+----
+:edit_url!: