When the AlienApp for Palo Alto Networks is enabled and connected to your Palo Alto Networks environment, you can launch app actions and create orchestration rules to send data from USM Anywhere to your Palo Alto device. For more information about the orchestration actions supported by the AlienApp for Palo Alto Networks, see AlienApp for Palo Alto Networks Orchestration.
Note: To fully integrate USM Anywhere with your Palo Alto Networks device, you should also have the Palo Alto Networks PAN-OS log collection enabled so that USM Anywhere can retrieve and normalize the raw log data. For information about enabling this raw log data retrieval, see Collecting Logs from Palo Alto Networks.
Before you can begin configuration, you must have the following information from the Palo Alto Networks PAN-OS and, if desired, from a Certificate Authority.
- An API key
- The IP address or hostname of the Palo Alto Networks PAN-OS
- (Optional) A Secure Socket Layer (SSL) certificate from a trusted Certificate Authority
To acquire an API key for Palo Alto Networks PAN-OS
- Go to https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/get-started-with-the-pan-os-xml-api/get-your-api-key and follow the vendor instructions to generate the key.
- Copy the token to be entered in USM Anywhere.
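Before entering the hostname, API key, and optional CA certificate in USM Anywhere, you can confirm that they work together from a machine with the same network path as the sensor. The script below is an added example, not code from AlienVault or Palo Alto Networks; it sends a read-only `show system info` operational command to the PAN-OS XML API with certificate verification enabled. The environment variable name `PANOS_API_KEY` and the command-line layout are assumptions made for this example.

```python
# Added example (not AlienVault or Palo Alto Networks code): pre-flight check of
# the host, API key and optional CA certificate before they go into USM Anywhere.
import os
import ssl
import sys
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

OP_CMD = "<show><system><info></info></system></show>"  # read-only op command

def build_request(host, api_key):
    """POST the key in the body so it stays out of URLs, history and proxy logs."""
    body = urllib.parse.urlencode({"type": "op", "cmd": OP_CMD, "key": api_key})
    return urllib.request.Request(f"https://{host}/api/", data=body.encode(), method="POST")

def parse_response(xml_text):
    """Return (ok, detail) for a PAN-OS XML API <response> document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"not XML: {exc}"
    if root.tag != "response":
        return False, f"unexpected root element <{root.tag}>"
    if root.get("status") == "success":
        return True, root.findtext("./result/system/sw-version", default="unknown")
    text = " ".join(t.strip() for t in root.itertext() if t.strip())
    return False, text or f"error code {root.get('code')}"

def check(host, api_key, ca_file=None, timeout=10):
    # With ca_file set, only that CA is trusted; otherwise the system store is used.
    # Certificate and hostname verification stay on in both cases.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(build_request(host, api_key), timeout=timeout, context=ctx) as resp:
            return parse_response(resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as exc:  # error replies still carry an XML body
        return parse_response(exc.read().decode("utf-8", "replace"))
    except OSError as exc:  # untrusted certificate, DNS failure, refused, timeout
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    # PANOS_API_KEY is a hypothetical variable name; argv[1] is the host,
    # argv[2] an optional PEM file holding the CA certificate.
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    ok, detail = check(sys.argv[1], os.environ["PANOS_API_KEY"], ca)
    print(f"OK, PAN-OS {detail}" if ok else f"FAILED: {detail}")
    sys.exit(0 if ok else 1)
```

A certificate failure here means the CA file does not match the certificate the firewall presents for that hostname, which is the same condition the CA certificate setting in the AlienApp is meant to check.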
To support the orchestration actions in USM Anywhere, you must configure a connection with the Palo Alto Networks PAN-OS firewall. This connection enables the AlienApp to send a request to the Palo Alto Networks PAN-OS API.
Important: USM Anywhere can only communicate with one Palo Alto Networks PAN-OS instance per sensor. If you have multiple Palo Alto Networks PAN-OS instances in your network, we recommend that you contact AlienVault Technical Support for setup help.
To configure the connection between the firewall and the AlienApp
- In USM Anywhere, go to Data Sources > Integrations.
- Click the AlienApps tab.
- On the AlienApps page, click the Palo Alto Networks tile.
  The Status tab is displayed, but it does not provide status information until the AlienApp for Palo Alto Networks is enabled and configured.
- If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.
  AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor.
- Click Enable.
- Click the Settings tab.
- Specify the connection information for Palo Alto Networks:
  - IP address and name: Enter the IP address or hostname of your Palo Alto Networks PAN-OS instance.
  - (Optional) CA certificate: If you want to use a security certificate, select the checkbox and enter your certificate to establish a trusted SSL connection between the Palo Alto Networks PAN-OS and USM Anywhere.
  - API key: Enter the API key that you generated in Palo Alto Networks PAN-OS.
- Click Save.