SecurityCenter & Palo Alto Configuration Guide. About this Guide This guide provides an overview of how to get the most from Palo Alto firewalls when.


SecurityCenter & Palo Alto Configuration Guide

About this Guide
This guide provides an overview of how to get the most from Palo Alto firewalls when using SecurityCenter Continuous View, Nessus, and Log Correlation Engine (LCE).
Covered in this Guide:
o Audit Scanning
o Log Configuration on PAN-OS (Palo Alto Firewalls)
o NetFlow Configuration (PAN-OS & LCE)
o LCE Normalized Logs
o SecurityCenter Dashboard & Reporting

Audit Scanning: SecurityCenter & PAN-OS

PAN-OS Configuration Tasks
Create a service account for SecurityCenter to use.
Allow SecurityCenter to connect to the management interface.
Set up SNMP to be allowed by local security policies.

Service Account
Log in to PAN-OS and navigate to the Device tab.
On the left-hand side, in the menu items, select Administrators.
Click the "ADD" button at the bottom of the screen.
Fill out the fields accordingly.

PAN-OS Management Interface
Log in to PAN-OS and navigate to the Device tab.
On the left-hand side, in the menu items, select "Setup" and then the Management tab.
Click the icon located in the "Management Interface Settings" section.
Configure the HTTPS/Ping/SNMP management services.
Assign the Permitted IP Addresses as necessary.

SNMP Configuration
Log in to PAN-OS and navigate to the Device tab.
On the left-hand side, in the menu items, select "Setup" and then the Operations tab.
Click the icon to enter the SNMP Configuration.
Configure the SNMP settings according to local security policy.

SecurityCenter Configuration Tasks
Import Audit File
Create Credentials
Create Scan Policy

Import Audit File
Log in to SecurityCenter and select Scans > Audit Files.
Click the button.
Enter a search term to locate the appropriate audit file template.
Select the appropriate template from the results.
Provide a name and description for the audit file in the search window.
Click Submit to save the file.

Create Credentials
Log in to SecurityCenter and select Scans > Credentials.
Click the button.
SNMP credentials are added here.
The API credentials are part of the scan policy.

Create Scan Policy
Log in to SecurityCenter and select Scans > Policies.
Click the button.
Click the Advanced Scan icon.
Configure the basic settings as needed. Note: Netstat port scanners are not necessary.
Under Compliance, select the audit file that was previously uploaded.
Under Plugins, enable plugins & 64286, along with other plugins as necessary.
Under Authentication, configure the PAN-OS settings.

Log Configuration: PAN-OS (Palo Alto Firewalls)

Log Configuration Settings
The PAN-OS log configuration settings are in four places:
Device > Server Profiles
Device > Log Settings
Objects > Log Forwarding
Policies
o All policies are configurable
o Permit Policies
o Deny Policies

Device > Server Profiles
Configure the LCE as the syslog server.
Log in to PAN-OS and navigate to the Device tab.
On the left-hand side, in the menu items, select Server Profiles > Syslog.
Create the syslog profile.
Set the IP address, port, and log level.

Device > Log Settings
Set up the LCE to collect device-level syslog events.
Log in to PAN-OS and navigate to the Device tab.
On the left-hand side, in the menu items, select Log Settings.
System = Severity Setting
Select the syslog server profile for each severity level.

Objects > Log Forwarding
Log Forwarding profiles are what security policies use to forward logs. This can cover both permitted traffic events and denied traffic events.
Log in to PAN-OS and navigate to the Objects tab.
On the left-hand side, in the menu items, select Log Forwarding.
Configure the settings as desired.

Policies
Log in to PAN-OS and navigate to the Policies tab.
Note: In this example we will use "Security" policies, but the same concept applies to all policy types.
On the left-hand side, in the menu items, select Security.
Double-click a Permit policy
o Check Log at Session Start|End
o Select the Log Forwarding Service
Double-click a Deny policy
o Check Log at Session Start|End
o Select the Log Forwarding Service

NetFlow Configuration: PAN-OS & LCE

PAN-OS Settings
Configure the LCE as the Syslog Server.
Log in to PAN-OS and navigate to the Device tab.
o On the left-hand side, in the menu items, select Server Profiles > Netflow Server
o Apply the applicable server settings
o Ex: : 9995
Navigate to the Network tab.
o On the left-hand side, select Interfaces
o Choose the interface on which to capture network traffic
o Apply the NetFlow profile

NetFlow Client
Download and install the Tenable NetFlow client
o The lab was built with the following version: TenableNetFlowMonitor es6.x86_64.rpm
Set the LCE Server
o /opt/netflow_monitor/set-server-ip.sh
o Answer the prompts with the correct information for your environment.
o When complete, the NetFlow Monitor daemons will start automatically.

LCE Policy Configuration
Log in to SecurityCenter as "admin".
Select Resources > LCE Clients.
Click to Authorize and Assign Policy.

Normalized Logs: LCE

Normalized Logs
The Tenable LCE team has normalized a series of log events to support Palo Alto:
Paloalto-Allow_TCP_Start
Paloalto-Allow_TCP_End
Paloalto-Allow_UDP_Start
Paloalto-Allow_UDP_End
Paloalto-Allow_ICMP_Start
Paloalto-Allow_ICMP_End
Paloalto-Deny_TCP
Paloalto-Deny_UDP
Paloalto-Deny_ICMP
Paloalto-Configuration_Edit
Paloalto-Configuration_Delete
Paloalto-Configuration_Commit
Paloalto-System_General_Msg
Paloalto-Threat_Spyware
Paloalto-Threat_URL
Paloalto-Threat_Vulnerability
Paloalto-Threat_File
Paloalto-Threat_Virus
Paloalto-Authentication_Failed
Paloalto-Authentication_Failed_Threshold_Reached
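As an added example (not part of the Tenable guide or LCE's own normalization code), the classifier below maps constructed firewall syslog records onto the normalized event names listed above, including the per-source failure count behind Authentication_Failed_Threshold_Reached, and tallies them the way the Top 10 Events dashboard component would. The six-field comma layout, the threshold of 3 and the sample records are assumptions, not the real PAN-OS log format or LCE's real rules.

```python
from collections import Counter
AUTH_FAIL_THRESHOLD = 3  # assumed value; the guide does not state LCE's threshold
FIELDS = ("type", "subtype", "action", "proto", "src", "message")  # constructed layout
CONFIG_EVENTS = {s: f"Paloalto-Configuration_{s.capitalize()}" for s in ("edit", "delete", "commit")}
THREAT_EVENTS = {s.lower(): f"Paloalto-Threat_{s}"
                 for s in ("Spyware", "URL", "Vulnerability", "File", "Virus")}
def parse_line(line):
    """Split one record into the six constructed fields; the message may contain commas."""
    fields = line.strip().split(",", 5)
    return dict(zip(FIELDS, fields)) if len(fields) == 6 else None

def normalize(rec, fail_counts):
    """Return the LCE normalized event name for one record, or None if it maps to nothing."""
    kind, sub, proto = rec["type"].upper(), rec["subtype"].lower(), rec["proto"].upper()
    if kind == "TRAFFIC":
        if proto not in ("TCP", "UDP", "ICMP"):
            return None  # only these three protocols have normalized names
        if rec["action"].lower() != "allow":
            return f"Paloalto-Deny_{proto}"
        return f"Paloalto-Allow_{proto}_{sub.capitalize()}" if sub in ("start", "end") else None
    if kind == "CONFIG":
        return CONFIG_EVENTS.get(sub)
    if kind == "THREAT":
        return THREAT_EVENTS.get(sub)
    if kind == "SYSTEM":
        if "authentication failed" not in rec["message"].lower():
            return "Paloalto-System_General_Msg"
        fail_counts[rec["src"]] += 1  # repeated failures from one source reach the threshold
        if fail_counts[rec["src"]] >= AUTH_FAIL_THRESHOLD:
            return "Paloalto-Authentication_Failed_Threshold_Reached"
        return "Paloalto-Authentication_Failed"
    return None

def event_counts(lines):
    """Count normalized events across a log, as the Top 10 Events component does."""
    counts, fails = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        name = normalize(rec, fails) if rec else None
        if name:
            counts[name] += 1
    return counts

AUTH_FAIL = "SYSTEM,general,,,203.0.113.4,authentication failed for user admin"
SAMPLE_LOG = [  # constructed records, not captured firewall output
    "TRAFFIC,start,allow,tcp,10.0.0.5,", "TRAFFIC,end,allow,tcp,10.0.0.5,",
    "TRAFFIC,deny,deny,udp,10.0.0.9,", "CONFIG,commit,,,,admin committed config",
    "THREAT,vulnerability,alert,tcp,10.0.0.7,", "not a valid record",
] + [AUTH_FAIL] * 3  # three failures from one source reach the assumed threshold
```

Running `event_counts(SAMPLE_LOG).most_common(10)` gives the per-event tally; the malformed record is skipped and the third failed login from 203.0.113.4 is reported as the threshold event instead of another plain failure.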

Sample Normalized Events

Dashboard: SecurityCenter

Dashboard

Dashboard Components
Palo Alto Status - Device Audit Vulnerabilities: This component displays a pass/fail indicator by check type. The Tenable_Palo_Alto_PAN-OS_Best_Practices.audit file has five check types, each focusing on a separate part of the configuration audit.
o Device: The firewall management and base operation settings
o Users: Lists local users on the device
o Security: Verifies the security settings of the configuration
o Update: Verifies that the update server is configured
o Reports: The output of several report commands, used to display the report status
Palo Alto Status - Netflow Summary: This component displays a summary of the top 10 TCP ports identified by the Palo Alto native network collector.
Palo Alto Status - Netflow By Port: This component displays the session count of the top 10 TCP ports identified by the Palo Alto native network collector.
Palo Alto Status - Top 10 Events: This component displays the count of the top 10 Palo Alto syslog events.
Palo Alto Status - Event Trend Summary: This component displays a trend line for the top 10 Palo Alto syslog events.
Palo Alto Status - Event Indicator: This indicator component displays a series of Palo Alto syslog event indicators.

For Questions
Contact Cody Dumont