When the AlienApp for Palo Alto Networks is enabled and connected to your Palo Alto Networks environment, you can launch app actions and create orchestration rules to send data from USM Anywhere to your Palo Alto device. For more information about the orchestration actions supported by the AlienApp for Palo Alto Networks, see AlienApp for Palo Alto Networks Orchestration.
Note: To fully integrate USM Anywhere with your Palo Alto Networks device, you should also have the Palo Alto Networks PAN-OS log collection enabled so that USM Anywhere can retrieve and normalize the raw log data. For information about enabling this raw log data retrieval, see Collecting Logs from Palo Alto Networks.
Before you can begin configuration, you must have the following information from the Palo Alto Networks PAN-OS and, if desired, from a Certificate Authority.
- An API key
- The IP address or hostname of the Palo Alto Networks PAN-OS
- (Optional) A Secure Socket Layer (SSL) certificate from a trusted Certificate Authority
To acquire a Palo Alto Networks PAN-OS API key
Go to https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/get-started-with-the-pan-os-xml-api/get-your-api-key and follow the vendor instructions to generate the key.
You'll use this key to enable a connection between the Palo Alto Networks PAN-OS instance and the AlienApp for Palo Alto Networks.
To support the orchestration actions in USM Anywhere, you must configure a connection with the Palo Alto Networks PAN-OS firewall. This connection enables the AlienApp to send a request to the Palo Alto Networks PAN-OS API.
Important: USM Anywhere can only communicate with one Palo Alto Networks PAN-OS instance per sensor. If you have multiple Palo Alto Networks PAN-OS instances in your network, we recommend that you contact AlienVault Technical Support for setup help.
To configure the connection between the firewall and the AlienApp
- In USM Anywhere, go to Data Sources > Integrations.
- Click the AlienApps tab.
- On the AlienApps page, click the Palo Alto Networks tile.
  The Status tab is displayed, but it does not provide status information until the AlienApp for Palo Alto Networks is enabled and configured.
- If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
  USM Anywhere AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor.
- Click Enable.
- Click the Settings tab.
- Enter the connection information.
  - IP address or hostname: IP address or hostname of your Palo Alto Networks PAN-OS instance
  - CA certificate (Optional): Security certificate that establishes a trusted SSL connection between the Palo Alto Networks PAN-OS and USM Anywhere
    Select Require CA certificate if you want to use a security certificate.
  - API key: API key that you generated in the Palo Alto Networks PAN-OS.
- Click Save.
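A pre-check for the values the Settings tab asks for, as an added example that is not part of the AlienVault or Palo Alto Networks documentation: it requests a key from the PAN-OS XML API keygen endpoint over a connection verified against your CA file, then parses the reply. The host, account and CA file are supplied by you, the sample responses are constructed, and the POST form of the keygen call is assumed to be accepted by your PAN-OS version.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET


def build_tls_context(ca_file=None):
    """TLS context that verifies the firewall certificate and hostname.
    ca_file is the PEM you would upload as the CA certificate (None = system store)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_keygen_response(xml_text):
    """Return the API key from a keygen reply, or raise with the firewall's message."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        msg = root.findtext("./result/msg") or "unknown error"
        raise ValueError(f"keygen failed (code {root.get('code')}): {msg}")
    key = root.findtext("./result/key")
    if not key:
        raise ValueError("success response without a <key> element")
    return key.strip()


def request_api_key(host, user, password, ca_file=None, timeout=10):
    """Ask the firewall for a key. Credentials go in the POST body, not the URL,
    so they do not end up in proxy or web server access logs."""
    body = urllib.parse.urlencode({"user": user, "password": password}).encode()
    req = urllib.request.Request(
        f"https://{host}/api/?type=keygen", data=body, method="POST")
    ctx = build_tls_context(ca_file)  # a certificate mismatch raises before any data is sent
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return parse_keygen_response(resp.read().decode())


# Constructed sample replies (not captured from a real device).
SAMPLE_OK = ("<response status='success'><result>"
             "<key>EXAMPLEKEY0000</key></result></response>")
SAMPLE_ERR = ("<response status='error' code='403'><result>"
              "<msg>Invalid credentials.</msg></result></response>")

if __name__ == "__main__":
    print(parse_keygen_response(SAMPLE_OK))
```

Run `request_api_key` from a host on the same network path as the sensor; a certificate verification error there means the CA file will not establish trust for that hostname in the AlienApp either.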