Highlighted
MaryCordova Frequent Contributor.
Frequent Contributor.
945 views

P-Palo_Alto_Networks_PAN-OS.arb

10 Replies
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Apologies, need to clean up a few things in the .arb

0 Likes
Reply
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Sorry this took so long, new .zip which will import just fine, it doesn't need to be an .arb file. 

0 Likes
Reply
Trusted Contributor.. victormuska Trusted Contributor..
Trusted Contributor..

Re: P-Palo_Alto_Networks_PAN-OS.arb

What is this? Why is there no description in this document? I'm new to Activate and need to know things like what the requirements are for installing this such as what logs need to be collected and how should assets be modeled. I have tons of Palo Alto logs. The zip doesn't even contain an .arb file!

0 Likes
Reply
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Change the .zip ext to .arb

0 Likes
Reply
pbrettle Acclaimed Contributor.
Acclaimed Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Thanks Mary - this is great!

0 Likes
Reply
Trusted Contributor.. victormuska Trusted Contributor..
Trusted Contributor..

Re: P-Palo_Alto_Networks_PAN-OS.arb

I'm sorry. I still don't understand. The title of this post is:

P-Palo_Alto_Networks_PAN-OS.arb

The title of the download is:

P-Palo_Alto_Networks_PAN-OS.zip

In the download there is no arb file.

There is no words on this post at all to explain what this zip file is, how to install it, or any information period.

0 Likes
Reply
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

You will need to use the wiki for Activate to understand how to use a product package.  They might even have some webinars or something to help you.  Here is the link to the main Activate page:

This is an entire framework that is layered, the Palo Alto package being one of many possible 3rd layer product packages.  (The first 2 layers being the framwork base and the network/perimeter L1 solution package.)

As for this particular file, I know that there is an update in progress so a new version will be released at some point.  In the interim, if you would like to use the package as-is, download the .zip file and change the .zip extension to .arb and then import it. 

0 Likes
Reply
Trusted Contributor.. victormuska Trusted Contributor..
Trusted Contributor..

Re: P-Palo_Alto_Networks_PAN-OS.arb

On the Activiate wiki, there is no mention of Palo Alto anywhere. This tells me it's not part of the official activate framework. Something like TippingPoint is. There's wiki articles for how to install the TippingPoint package, then also how to enable it once it's installed. Also, why isn't this package in the areas where the other Activate packages are? This area: ArcSight Activate Framework. Is that place only the location for officially supported packages?

I didn't understand you were indicating I need to rename the downloaded file to a different extension to get this to work. That kind of thing isn't in the Activate Wiki. At the last can you put that in the description of this? I just guessed at which filters I need to update. Because I'm new, and there's no documentation for the Palo Alto package, I can only guess that I did this right. Can you provide a list of filters that need to be updated to enable this? Such as the "All Firewall Deny Traffic" filter.

I have this installed and appreciate your work. I just wish there was better documentation for this to get me started in a successful way.

0 Likes
Reply
arosenfeld Absent Member.
Absent Member.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Hi Mary,

I'm guessing that your package is also the one available on the Arcsight Marketplace. Activate P-Palo Alto Networks PAN-OS | HPE Marketplace

Anyway, I was trying to figure out what to do with that zip file that I downloaded from Marketplace too when I found your comment here about changing the zip extension to an arb. I tried this and it worked and imported into my Activate stuff on ESM.  Thanks for the tip!

0 Likes
Reply
MaryCordova Frequent Contributor.
Frequent Contributor.

Re: P-Palo_Alto_Networks_PAN-OS.arb

Sure!

Also...BTW...my package wasnt developed correctly using the package templates and I dont know if this was fixed by HP...I know now...mostly...how I should have done this...so fair warning. 

One other thing...this was just a "first pass".  Its mostly all system monitoring and not a lot of "Security Posture".  That still needs to be developed. 

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.