PAN-OS Policy Optimizer (beta)

Details
Content
Dependencies
Version History

This integration introduces Policy Optimizer and DAG features that are not available through the regular PAN API

Automate your AppID Adoption by using the PAN-OS Policy Optimizer (beta) integration and playbooks together with your Palo Alto Networks Next-Generation Firewall or Panorama.
This integration was integrated and tested with Panorama version 10.1.10.

What Does This Pack Do?

The Policy Optimizer integration in this content pack enables you to gain visibility into and control usage of security policy rules.

The playbooks in this pack also help you automate the following procedures to reduce the attack surface and safely enable applications on your network.

Identify unused rules.
Identify port-based rules so you can convert them to application-based rules that allow traffic or add applications to existing rules without compromising application availability.
Identify rules configured with unused applications.
Analyze rule characteristics and prioritize which rules to migrate or clean up.

As part of this pack, you also get out-of-the-box Policy Optimizer incident views, a full layout, and automation scripts. All of these are easily customizable to suit the needs of your organization.

For more information, visit our PAN-OS Policy Optimizer docs page.

Policy_Optimizer_-_Manage_Unused_Rules

Pack Contributors:

Maciej Drobniuch

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

What Does This Pack Do?

The Policy Optimizer integration in this content pack enables you to gain visibility into and control usage of security policy rules.

The playbooks in this pack also help you automate the following procedures to reduce the attack surface and safely enable applications on your network.

Identify unused rules.
Identify port-based rules so you can convert them to application-based rules that allow traffic or add applications to existing rules without compromising application availability.
Identify rules configured with unused applications.
Analyze rule characteristics and prioritize which rules to migrate or clean up.

As part of this pack, you also get out-of-the-box Policy Optimizer incident views, a full layout, and automation scripts. All of these are easily customizable to suit the needs of your organization.

For more information, visit our PAN-OS Policy Optimizer docs page.

Policy_Optimizer_-_Manage_Unused_Rules

Pack Contributors:

Maciej Drobniuch

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Automations

Name	Description
EntryWidgetUnusedApplications	Entry widget that returns the number of rules with unused applications found by PAN-OS policy optimizer.
EntryWidgetUnusedRules	Entry widget that returns the number of unused rules found by PAN-OS policy. optimizer.
EntryWidgetPortBasedRules	Entry widget that returns the number of port based rules found by PAN-OS policy optimizer.

Incident Fields

Name	Description
PAN-OS Port Based Rules	Port based firewall rules found by PAN-OS Policy Optimizer.
Policy Optimizer Use-Case	Policy Optimizer use-case that will be handled by the Policy Optimizer playbook.
PAN-OS Rules with Unused Applications	PAN-OS firewall rules with unused applications found by PAN-OS Policy Optimizer.
PAN-OS Unused Rules	Unused firewall rules found by PAN-OS Policy Optimizer.

Incident Types

Name	Description
Policy Optimizer

Integrations

Name	Description
PAN-OS Policy Optimizer (Beta) (Community Contribution)	Automate your AppID Adoption by using this integration together with your Palo Alto Networks Next-Generation Firewall or Panorama.

Layouts

Name	Description
Policy Optimizer Layout

Playbooks

Name	Description
Policy Optimizer - Manage Unused Rules	This playbook helps identify and remove unused rules that do not pass traffic in your environment.
Policy Optimizer - Add Applications to Policy Rules	This playbook edits rules with unused applications or rules that are port based, and adds an application to the rule. It is used in PAN-OS - Policy Optimizer playbooks and includes communication tasks to get a rule name and the application to edit from the user.
Policy Optimizer - Manage Port Based Rules	This playbook migrates port-based rules to application-based allow rules to reduce the attack surface and safely enable applications on your network.
Policy Optimizer - Generic	This playbook is triggered by the Policy Optimizer incident type, and can execute any of the following sub-playbooks: Policy Optimizer - Manage Unused Rules Policy Optimizer - Manage Rules with Unused Applications Policy Optimizer - Manage Port Based Rules
Policy Optimizer - Manage Rules with Unused Applications	This playbook helps identify and remove unused applications from security policy rules. If you have application-based security policy rules that allow a large number of applications, you can remove unused applications (applications never seen on the rules) from those rules to allow only applications actually seen in the rule’s traffic. This strengthens your security posture by reducing the attack surface.

Automations

Name	Description
EntryWidgetUnusedRules	Entry widget that returns the number of unused rules found by PAN-OS policy. optimizer.
EntryWidgetPortBasedRules	Entry widget that returns the number of port based rules found by PAN-OS policy optimizer.
EntryWidgetUnusedApplications	Entry widget that returns the number of rules with unused applications found by PAN-OS policy optimizer.

Incident Fields

Name	Description
PAN-OS Rules with Unused Applications	PAN-OS firewall rules with unused applications found by PAN-OS Policy Optimizer.
PAN-OS Unused Rules	Unused firewall rules found by PAN-OS Policy Optimizer.
Policy Optimizer Use-Case	Policy Optimizer use-case that will be handled by the Policy Optimizer playbook.
PAN-OS Port Based Rules	Port based firewall rules found by PAN-OS Policy Optimizer.

Incident Types

Name	Description
Policy Optimizer

Integrations

Name	Description
PAN-OS Policy Optimizer (Beta) (Community Contribution)	Automate your AppID Adoption by using this integration together with your Palo Alto Networks Next-Generation Firewall or Panorama.

Playbooks

Name	Description
Policy Optimizer - Manage Unused Rules	This playbook helps identify and remove unused rules that do not pass traffic in your environment.
Policy Optimizer - Add Applications to Policy Rules	This playbook edits rules with unused applications or rules that are port based, and adds an application to the rule. It is used in PAN-OS - Policy Optimizer playbooks and includes communication tasks to get a rule name and the application to edit from the user.
Policy Optimizer - Manage Port Based Rules	This playbook migrates port-based rules to application-based allow rules to reduce the attack surface and safely enable applications on your network.
Policy Optimizer - Generic	This playbook is triggered by the Policy Optimizer alert type, and can execute any of the following sub-playbooks: Policy Optimizer - Manage Unused Rules Policy Optimizer - Manage Rules with Unused Applications Policy Optimizer - Manage Port Based Rules
Policy Optimizer - Manage Rules with Unused Applications	This playbook helps identify and remove unused applications from security policy rules. If you have application-based security policy rules that allow a large number of applications, you can remove unused applications (applications never seen on the rules) from those rules to allow only applications actually seen in the rule’s traffic. This strengthens your security posture by reducing the attack surface.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
PAN-OS by Palo Alto Networks	By: Cortex XSOAR

Optional Content Packs (2)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Phishing	By: Cortex XSOAR

All level dependencies (7)

Pack Name	Pack By
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
PAN-OS by Palo Alto Networks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

1.1.28 - 1162940 (July 9, 2024)

Scripts

EntryWidgetPortBasedRules

Updated the Docker image to: demisto/python3:3.10.14.100715.

EntryWidgetUnusedApplications

Updated the Docker image to: demisto/python3:3.10.14.100715.

EntryWidgetUnusedRules

Updated the Docker image to: demisto/python3:3.10.14.100715.

Related pull requests:
- 35310
- 35234
- 35242
- 35241
- 35240
- 35237
- 35244
- 35252
- 35236
- 35243
- 35245
- 35246
- 35247
- 35250
- 35248
- 35249
- 35235
- 35239
- 35238
- 35251

Download

1.1.27 - 1153019 (July 7, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Added support for Panorama v10.1.10.
Updated the Docker image to: demisto/python3:3.10.14.99865.

Related pull requests:
- 34936

Download

1.1.26 - 1125139 (June 26, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Added the device_group argument to the pan-os-po-app-and-usage, pan-os-po-get-rules, pan-os-po-get-stats, pan-os-po-no-apps, pan-os-po-unused-apps command. This allows the Panorama device group to be specified when running these commands.

Related pull requests:
- 34936
- 35164

Download

1.1.25 - 938811 (April 7, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33675

Download

1.1.24 - 865088 (March 3, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33184

Download

1.1.23 - 823153 (February 12, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32837

Download

1.1.22 - 798475 (February 1, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32519

Download

1.1.21 - 757686 (January 11, 2024)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32061

Download

1.1.20 - 7187156 (December 17, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Added pagination support to the pan-os-po-get-rules command, with new page_size, page, and limit parameters.
Fixed an issue for the pan-os-po-get-rules command where if the optional exclude parameter was missing, an error would be raised.
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31402

Download

1.1.19 - 7122577 (December 10, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.82980.

Related pull requests:
- 31371

Download

1.1.18 - 7066068 (December 4, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.82076.

Related pull requests:
- 31286

Download

1.1.17 - 7029664 (November 30, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.81631.

Related pull requests:
- 31214

Download

1.1.16 - 6965450 (November 22, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 31024

Download

1.1.15 - 6808171 (November 6, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30669

Download

1.1.14 - 6636841 (October 18, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.77674.

Related pull requests:
- 30234

Download

1.1.13 - 6592021 (October 13, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 30134

Download

1.1.12 - 6313394 (September 13, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29652

Download

1.1.11 - 6170593 (August 28, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29262

Download

1.1.10 - 6010750 (August 10, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28878

Download

1.1.9 - 5876761 (July 26, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Added support for version 10.2.0 of PAN-OS.
Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28408

Download

1.1.8 - R5866730 (July 25, 2023)

Scripts

EntryWidgetUnusedApplications

Updated the Docker image to: demisto/python3:3.10.12.63474.

EntryWidgetPortBasedRules

Updated the Docker image to: demisto/python3:3.10.12.63474.

EntryWidgetUnusedRules

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27997

Download

1.1.7 - R5692327 (July 5, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27802

Download

1.1.6 - 5470583 (June 7, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27272

Download

1.1.5 - 5277943 (May 16, 2023)

Integrations

PAN-OS Policy Optimizer (Beta)

Fixed an issue where the documentation link was old.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26388

Download

1.1.4 - R5170573 (May 2, 2023)

Layouts

Policy Optimizer Layout
This item is no longer supported in XSIAM.

Related pull requests:
- 24222

Download

1.1.3 - 4049710 (November 17, 2022)

Integrations

PAN-OS Policy Optimizer (Beta)

Added support to get rules by both pre and post position.

Related pull requests:
- 22270

Download

1.1.2 - 4034921 (November 15, 2022)

Integrations

PAN-OS Policy Optimizer (Beta)

Note: the integration was moved to Beta format and support for this pack is moving to community.
Updated the Docker image to: demisto/python3:3.10.8.37233.

Related pull requests:
- 22154

Download

1.1.1 - 3997825 (November 8, 2022)

Integrations

PAN-OS Policy Optimizer

Fixed an issue were the headers where used before they were defined.

Related pull requests:
- 22101

Download

1.1.0 - 3910837 (October 25, 2022)

Integrations

PAN-OS Policy Optimizer

Added support for version 10.1.6 and solved an issue with the test module for it.
Updated the Docker image to: demisto/python3:3.10.8.36650.

Related pull requests:
- 21719

Download

1.0.8 - R3649843 (September 13, 2022)

Integrations

PAN-OS Policy Optimizer

Fixed an issue for login validity for versions 9 and 10.
Updated the Docker image to: demisto/python3:3.10.5.33323.

Related pull requests:
- 20847

Download

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported By	Community
Created	April 22, 2021
Last Release	July 9, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.