Palo Alto Networks PAN-OS EDL Management

This integration enables you to manage and edit files located on a remote web server via SSH using integration context as Single Source of Truth.

This integration requires root access in order to execute ssh commands. If you've configured the server to run Docker images with a non-root internal user make sure to exclude the demisto/openssh Docker image as documented here

Palo Alto Networks PAN-OS EDL Management Playbook

PAN-OS EDL Setup

Use Cases

  • Manage blacklists and whitelists in the web-server in a dynamic manner to control the blacklists in PAN-OS.

Detailed Description

To use the Palo Alto Networks PAN-OS EDL Management integration, you need to set up a remote web server.

  1. Set up a remote server with Apache.
  2. Generate a pair of SSH keys. Send the private key to the user’s home directory, into the “.ssh” folder in the Apache server.
  3. Append the public key to the “authorized_keys” file.
  4. Save the private SSH key in Demisto Credentials.
  5. To verify the location of the document root where the files are stored, run the following command.
    • CentOS : "httpd -S"
    • Ubuntu : apcahe2 -S"

Configure Palo Alto Networks PAN-OS EDL on Demisto

  1. Navigate to Settings > Integrations > Servers & Services .
  2. Search for palo_alto_networks_pan_os_edl_management.
  3. Click Add instance to create and configure a new integration instance.
    • Name : a textual name for the integration instance.
    • Hostname or IP of server
    • server port
    • SSH credentials to server (username and certificate)
    • SSH extra parameters (e.g., "-c ChaCha20")
    • SCP extra parameters (e.g., "-c ChaCha20 -l 8000")
    • Document root (e.g., var/www/html/files)
  4. Click Test to validate the new instance.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Display the contents of remote file(s) located in the War Room: pan-os-edl-get-external-file
  2. Search for a string in a remote file: pan-os-edl-search-external-file
  3. Update instance context, and override the path of the remote file: pan-os-edl-update
  4. Update internal list data: pan-os-edl-update-from-external-file
  5. Delete a file from a remote server: pan-os-edl-delete-external-file
  6. Display internal list data in the War Room: pan-os-edl-print-internal-list
  7. Dump (copies) instance context: pan-os-edl-dump-internal-list
  8. Display instance context list names: pan-os-edl-list-internal-lists
  9. Search for a string in internal list: pan-os-edl-search-internal-list
  10. Compare internal list and external file contents: pan-os-edl-compare
  11. Get metadata for an external file: pan-os-edl-get-external-file-metadata
  12. Update the instance context: pan-os-edl-update-internal-list
  13. Update a remote file: pan-os-edl-update-external-file

1. Display the contents of a remote file located in the War Room

Displays the contents of the specified remote file located in the War Room.

Base Command

pan-os-edl-get-external-file

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-get-external-file file_path=kili1.txt
Human Readable Output

File Content:

List
1.2.3.4

2. Search for a string in a remote file

Searches for a string in a remote file.

Base Command

pan-os-edl-search-external-file

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required
search_string String to search for in the remote file. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-search-external-file file_path=kili1.txt search_string=1.0.0.39
Human Readable Output

Search string was not found in the external file path given.

3. Update instance context, and override the path of the remote file

Updates the instance context with the specified list name and list items, and then overrides the path of the remote file with the internal list.

Base Command

pan-os-edl-update

Input
Argument Name Description Required
list_name List from the instance context with which to override the remote file. Required
file_path Unique path to file. Required
verbose Prints the updated remote file to the War Room. Default is "false". Optional
list_items List items. Required
add_or_remove Whether to add to or remove from the list. Default is "add". Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-update add_or_remove=add list_items=104.196.188.170 file_path=kili1.txt list_name=kili1
Human Readable Output

Instance context updated successfully. External file updated successfully.

4. Update internal list data

Updates internal list data with the contents of a remote file.

Base Command

pan-os-edl-update-from-external-file

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required
list_name List name. Required
type Update type. "Merge" adds non-duplicate values, "Override" deletes existing data in the internal list. Default is "merge". Required
verbose Prints the updated internal list to the War Room. Default is "false". Optional

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-update-from-external-file file_path=kili1.txt list_name=kili1_copy type=override verbose=true
Human Readable Output

List items:

kili1_copy
104.196.188.170
176.10.104.240
10.1.1.1
10.1.1.0
5.6.7.8
5.79.86.16
12.12.12.12

5. Delete a file from a remote server

Deletes a file from a remote server.

Base Command

pan-os-edl-delete-external-file

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-delete-external-file file_path=kili1_copy.txt
Human Readable Output

File deleted successfully.

6. Display internal list data in the War Room

Displays internal list data in the War Room.

Base Command

pan-os-edl-print-internal-list

Input
Argument Name Description Required
list_name List name. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-print-internal-list list_name=kili1
Human Readable Output

List items:

kili1
104.196.188.170
176.10.104.240
10.1.1.1
10.1.1.0
5.6.7.8
5.79.86.16
12.12.12.12

7. Dump (copies) instance context

Dumps (copies) instance context to either the incident context or a file.

Base Command

pan-os-edl-dump-internal-list

Input
Argument Name Description Required
destination List data destination. Default is "file". Required
list_name List name. Required

Context Output
Path Type Description
PANOSEDL.ListItems string Items of the internal list.
PANOSEDL.ListName string Name of the internal list.

Command Example 
!pan-os-edl-dump-internal-list destination=file list_name=kili1
Human Readable Output

8. Display instance context list names.

Displays instance context list names.

Base Command

pan-os-edl-list-internal-lists

Input

There are no input arguments for this command.

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-list-internal-lists
Human Readable Output

Instance context Lists:

List names
kili1
kili1_copy
kili2
test_playbook_list4

9. Search for a string in internal list

Search for a string in internal list.

Base Command

pan-os-edl-search-internal-list

Input
Argument Name Description Required
list_name Name of list. Required
search_string String to search for in the remote file. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-search-internal-list list_name=kili1 search_string=216.3.128.82
Human Readable Output

Search string is in internal list.

10. Compare internal list and external file contents

Compares internal list and external file contents.

Base Command

pan-os-edl-compare

Input
Argument Name Description Required
list_name List name. Required
file_path Unique path to the file on a remote server. Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-compare file_path=kili1.txt list_name=kili1
Human Readable Output

Internal list and external file have the same values.

11. Get metadata for an external file

Gets metadata for an external file.

Base Command

pan-os-edl-get-external-file-metadata

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required

Context Output
Path Type Description
PANOSEDL.FileName String Name of the external file.
PANOSEDL.Size Number File size.
PANOSEDL.NumberOfLines Number Number of lines.
PANOSEDL.LastModified String Date that the file was last modified.

Command Example 
!pan-os-edl-get-external-file-metadata file_path=kili1.txt
Context Example 
{
    "PANOSEDL": {
        "FileName": "kili1.txt",
        "LastModified": "2019-12-03 10:04:56.391849212",
        "NumberOfLines": 7,
        "Size": 67
    }
}
Human Readable Output

File metadata:

FileName Size NumberOfLines LastModified
kili1.txt 67 7 2019-12-03 10:04:56.391849212

12. Update the instance context

Updates the instance context with the specified list name and list items.

Base Command

pan-os-edl-update-internal-list

Input
Argument Name Description Required
list_name The list from the instance context to update. Required
list_items An array of list items. Required
verbose Whether to print the updated remote file to the War Room. Can be "true" or "false". Default is "false". Optional
add_or_remove Whether to add to, or remove from the list. Can be "add" or "remove". Default is "add". Required

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-update-internal-list add_or_remove=add list_items=19.12.13.11 list_name=kili1
Human Readable Output

Instance context updated successfully.

13. Update a remote file

Updates a remote file with the contents of an internal list.

Base Command

pan-os-edl-update-external-file

Input
Argument Name Description Required
file_path Unique path to the file on a remote server. Required
list_name List name. Required
verbose Whether to add to, or remove from the list. Can be "add" or "remove". Default is "add". Optional

Context Output

There are no context output for this command.

Command Example 
!pan-os-edl-update-external-file file_path=kili1.txt list_name=kili1 verbose=false
Human Readable Output

External file updated successfully.

Edit this page
Report an Issue