Generates an external blacklist based on a Palo Alto firewall's threat logs

tylerakraft/panostoblock

panostoblock

This Python script uses the PanOS API to generate an external blocklist that you can point your Palo Alto firewall to.

Requirements

This script uses the untangle, time, os and requests modules, so be sure that they're installed (time and os ship with Python; untangle and requests are third-party packages).

Usage

  1. Generate an API key for use with this script
  2. Add the API key to the script in the Key variable
  3. Add the remainder of the variables specific to your environment
  4. Run the script and verify that the list is generated and matches your firewall threat logs
  5. Create a cron job to make sure that your list is updated regularly
  6. Ensure that you can see the blacklist from a web browser
  7. Add the blacklist to your Palo Alto firewall as an external blacklist
  8. Create a firewall policy to block traffic based on that external blacklist
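
The following added example is not the repository's script; it shows one way to turn a threat-log reply into blocklist lines while keeping your own networks and malformed sources off the list, which is what step 4's verification should confirm. The sample XML is constructed, and its layout, the severity filter, the never-block ranges and all function names are assumptions; it uses the standard-library ElementTree parser instead of untangle so it runs offline.

```python
import ipaddress
import os
import xml.etree.ElementTree as ET

# Constructed sample; the <entry>/<src>/<severity> layout is an assumption.
SAMPLE_REPLY = """<response status="success"><result><log><logs count="6">
<entry><src>203.0.113.45</src><severity>critical</severity></entry>
<entry><src>198.51.100.7</src><severity>high</severity></entry>
<entry><src>10.1.1.99</src><severity>high</severity></entry>
<entry><src>203.0.113.45</src><severity>high</severity></entry>
<entry><src>not-an-ip</src><severity>critical</severity></entry>
<entry><src>192.0.2.10</src><severity>low</severity></entry>
</logs></log></result></response>"""

# Assumed policy: networks that must never be listed, and severities that qualify.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BLOCK_SEVERITIES = {"critical", "high"}


def build_blocklist(xml_text, never_block=NEVER_BLOCK, severities=BLOCK_SEVERITIES):
    """Return (sorted unique addresses to block, [(value, reason skipped)])."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API reply was not status=success; keep the old list")
    blocked, skipped = set(), []
    for entry in root.iter("entry"):
        src = (entry.findtext("src") or "").strip()
        if (entry.findtext("severity") or "").strip().lower() not in severities:
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:  # a hostname or garbage would corrupt the list
            skipped.append((src, "not an IP address"))
            continue
        if any(addr in net for net in never_block):
            skipped.append((src, "inside a never-block network"))
            continue
        blocked.add(addr)
    ordered = sorted(blocked, key=lambda a: (a.version, int(a)))
    return [str(a) for a in ordered], skipped


def write_blocklist(path, addresses):
    """Write one address per line, swapping the file in atomically so the
    firewall never fetches a half-written list."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write("".join(a + "\n" for a in addresses))
    os.replace(tmp, path)
```

Logging the `skipped` list on each cron run gives a quick way to spot internal hosts that are showing up as threat sources.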

Notes

Be sure to look through the documentation for your version of PanOS to ensure your API calls are correct.
I run this on the same server running our internal wiki so that the blocklist can be easily referenced.
I run this script in Python 3. Don't know if it works with 2.
I'm still new to Python so I'm sure this isn't optimized or pretty. Be gentle.