Paloalto

Nexpose -> Palo Alto integration Gem.

This gem is an integration between Nexpose Dynamic Asset Groups (DAGs) and Palo Alto's PAN Tags. With this integration, dynamic asset groups can be set up in Nexpose that correspond to groups in PAN with applicable policies.

For example:

  • Create a DAG in Nexpose that contains the assets affected by a particular vulnerability (Heartbleed).
  • Define a policy in PAN to block SSL (temporarily mitigates Heartbleed).
  • Run this gem with the Heartbleed DAG in the configuration.
  • All assets identified by Nexpose will be registered in PAN.
  • Apply PAN Heartbleed Policy on the created group.

Installation

Add this line to your application's Gemfile:

gem 'paloalto'

And then execute:

$ bundle

Or install it yourself as:

$ gem install paloalto

Usage

Follow these steps once installed:

  • Modify the file nexpose_paloalto.config under the lib/paloalto/config folder, and add the DAGs to report on. Sites can also be used.

  • Also include the port for the Nexpose console if it does not use the default port.

  • Add the following information to the configuration file, or set as environment variables:

    • NEXPOSE_URL (IP address or hostname)
    • NEXPOSE_USERNAME
    • NEXPOSE_PASSWORD
    • PAN_URL
    • PAN_USERNAME
    • PAN_PASSWORD
  • Run the command 'nexpose_paloalto' under the bin folder.

  • (Optional) Review the log file under the logs folder in the Gem path.

For any support requests, please email [email protected] with a description of the issue and any logs available.

Notes on Environment Variables

For Linux systems, make sure the variables are set in the environment where the gem is run.

For Windows systems, make sure they are set within the environment variables section in your Control Panel.

Encryption Settings

The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.

Setting Custom Locations for Encryption Files

To set custom locations for the key and IV files, update the following values within the encryption.config file:

  • key_filename - The absolute path to where the key file will be created.
  • iv_file - The absolute path to where the IV file will be created.

To set a custom path after the integration has already executed, the files must be moved to the new location manually.
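The key and IV files are what protect the encrypted usernames and passwords, so their location and permissions are worth checking after the first run or after moving them. The following is an added example, not code from the gem: the helper name audit_encryption_files and the demo file names are hypothetical, and it assumes POSIX file modes.

```ruby
require 'tmpdir'
require 'fileutils'

# Hypothetical helper (not part of the gem): returns a list of findings for the
# key and IV files named by key_filename and iv_file in encryption.config.
# Assumes POSIX file modes; Windows ACLs are not inspected.
def audit_encryption_files(key_path, iv_path, config_dir)
  findings = []
  { 'key' => key_path, 'IV' => iv_path }.each do |label, path|
    unless File.file?(path)
      findings << "#{label} file missing: #{path}"
      next
    end
    mode = File.stat(path).mode & 0o777
    # Any group/other permission bit lets another local account touch the secret.
    if (mode & 0o077) != 0
      findings << format('%s file %s has mode %04o; expected no group/other access (e.g. 0600)', label, path, mode)
    end
    # Key material stored with the config is exposed by the same backup or file read.
    if File.dirname(File.expand_path(path)) == File.expand_path(config_dir)
      findings << "#{label} file #{path} sits beside the encrypted config in #{config_dir}"
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo layout in a temp directory; file names are made up.
  Dir.mktmpdir do |dir|
    config_dir = File.join(dir, 'config')
    secrets_dir = File.join(dir, 'secrets')
    FileUtils.mkdir_p([config_dir, secrets_dir])
    key = File.join(config_dir, 'demo.key')   # default-style location, loose mode
    iv  = File.join(secrets_dir, 'demo.iv')   # custom location, owner-only
    File.write(key, 'constructed'); File.chmod(0o644, key)
    File.write(iv, 'constructed');  File.chmod(0o600, iv)
    puts audit_encryption_files(key, iv, config_dir)
  end
end
```

An empty result means both files exist, are readable only by their owner, and live outside the config folder.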

Encrypting the Configuration without running the Integration

The Nexpose Paloalto integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use, e.g. in a cron schedule.

The command to do so is:

nexpose_paloalto -e

or

nexpose_paloalto --encrypt_config

Changelog

0.1.3

The user now has the option to configure the gem using a configuration file as well as with environment variables. DAG and site selection have now been moved to the configuration file.

Added an encryption configuration file. Usernames and passwords within the configuration files are now encrypted when the application runs.

Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.