Repository Details

IronSkillet is a set of day-one configuration templates for PAN-OS to enable alignment with security best practices. See the Quick Start section below to get started using the template configurations.

IronSkillet Day One Configuration Template

The purpose of the IronSkillet project is to provide day-one best practice configuration templates that can be loaded into a Palo Alto Networks Next-Generation Firewall or Panorama management platform.

Once loaded, the configuration can be augmented with use case specific security policies and other deployment requirements including interfaces, zones, and NAT.

Detailed information can be found in the IronSkillet Documentation.

The docs include an IronSkillet Visual Guide for a view of IronSkillet from a GUI perspective.

Quick Start

The templates are provided with a variety of usage options based on the user's operational environment.

PanHandler Skillet Player

A quick and easy way to play IronSkillet and other skillets is with the panHandler application.

The panHandler quick start guide in the Skillet District Live community walks you through installation and usage including how to import the IronSkillet skillets.

SLI

The Skillet Line Interfacing (SLI) tool is a CLI that can also be used to load and work with skillets. Please refer to the README document found within the following SLI repository. It walks you through the installation and basic usage of SLI in the context of skillets.

SLI Commands to Load Skillet

> sli load
# Above line loads and views all skillets found in the working directory
> sli load -sd {Directory Containing Skillets}
# Above line loads and views all skillets found in the given directory

Getting templates from the repo

Users can either grab content file-by-file from the GitHub repo or download all content to a local drive.

TIP: when copying or getting text files from the repo, users should select the Raw format. This is found as a GUI option when viewing the file.

Downloading the files is done using a git clone command or a direct download of the repo as a zip file.

git clone https://github.com/PaloAltoNetworks/iron-skillet.git

Loading configurations using IronSkillet defaults

The loadable_configs directory contains a variety of ready-to-go NGFW and Panorama configurations based on iron-skillet template defaults. These can be loaded 'as-is' and later updated using the GUI or CLI.

The two options to load are:

  • ...full.xml: complete xml configuration to import and load
  • ...full.conf: complete list of CLI-based set commands

Full XML configuration file

Loading the full XML file as a candidate configuration:

* Log into the GUI
* Go to `Device` > `Setup` > `Operations`
* Choose `Import named configuration snapshot`
* Select the file from a local directory to import
* Choose `Load named configuration snapshot`
* Review the loaded configuration and `commit` to apply changes

WARNING: this configuration replaces the existing configuration and is not a merge of configurations. Merging configurations requires the use of load config partial referencing select xpaths to be loaded and merged.

SET commands

Using set commands to load in a configuration:

  • Log into the CLI
  • Enter configure to enter configuration mode
  • Copy a cluster of set commands, 30-40 lines recommended as maximum
  • Paste into the command line and hit Enter to ensure the last line is entered
  • Add all set commands in the conf file
  • Enter commit

TIP: Before entering configure mode, you can use set cli scripting-mode on to paste in a higher volume of lines. This will, however, remove the option to use '?' as a command-line helper. If scripting mode is enabled and you wish to disable it, simply return to CLI operation mode with exit and enter 'set cli scripting-mode off'.
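
One way to prepare a .conf file for the paste procedure above, as an added example that is not part of the IronSkillet project: it rejects any line that is not a set or delete command and splits the rest into batches of at most 40 lines. The function names, the allowed-verb list and the sample commands are assumptions made for illustration.

```python
"""Split a PAN-OS set-command file into paste-sized batches (added example)."""

MAX_BATCH = 40  # the page recommends 30-40 lines per paste as a maximum
ALLOWED_PREFIXES = ("set ", "delete ")  # assumption: only these verbs belong in the file


def parse_set_commands(text):
    """Return (commands, rejected); rejected holds (line_number, line) pairs."""
    commands, rejected = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not pasted
        if line.startswith(ALLOWED_PREFIXES):
            commands.append(line)
        else:
            rejected.append((number, line))
    return commands, rejected


def batch_commands(commands, size=MAX_BATCH):
    """Group commands into lists of at most `size` lines, preserving order."""
    if size < 1:
        raise ValueError("batch size must be at least 1")
    return [commands[i:i + size] for i in range(0, len(commands), size)]


def render_batches(text, size=MAX_BATCH):
    """Validate the file, then return one paste-ready string per batch."""
    commands, rejected = parse_set_commands(text)
    if rejected:
        details = ", ".join(f"line {n}: {l!r}" for n, l in rejected)
        raise ValueError(f"refusing to batch, unexpected content at {details}")
    # A trailing newline makes sure the last command of each paste is entered.
    return ["\n".join(batch) + "\n" for batch in batch_commands(commands, size)]


# Constructed sample input, not taken from the IronSkillet repository.
SAMPLE_CONF = "\n".join(
    ["# constructed sample", "set deviceconfig system hostname sample-fw", ""]
    + [f"set address sample-host-{i} ip-netmask 192.0.2.{i}" for i in range(1, 90)]
)

if __name__ == "__main__":
    for index, batch in enumerate(render_batches(SAMPLE_CONF), start=1):
        print(f"--- batch {index}: {batch.count(chr(10))} lines ---")
        print(batch, end="")
```

Reviewing the rejected lines before pasting matters because anything typed into configure mode is applied to the candidate configuration that the final commit activates.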

Editing Loaded Configurations

The detailed documentation provides a list of variables that can be edited and instructions for GUI and CLI edits to these values.

IronSkillet variables

Using the SET Command Spreadsheet to Edit Values

Found in templates/panorama/set_commands and templates/panos/set_commands are formula-based Excel files.

The cells in the values worksheet can be edited to create a localized configuration without the iron-skillet defaults. This updates the values in the set commands worksheet. Using the set command steps above, the configuration can then be loaded using the CLI.

WARNING: only update the values worksheet. Use caution when editing the worksheets so that cell references and formulas remain correct.

SLI Tooling Directory

As an alternative, the Tools directory within the IronSkillet repository contains a README.md file that explains how to use various SLI commands to manage and create loadable configurations, among other useful functions. Following the detailed steps in the README and using SLI to accomplish these tasks is quick, efficient and easy.

Recommended Reading for Additional Best Practice Configuration Steps

Prior to utilizing these configuration templates, it is important to familiarize yourself with the best practice recommendations for Internet Gateway, Datacenter, WildFire, L4-L7 evasions and other use cases.

Best Practice Recommendations

While these are useful as suggestions and recommendations, the user is still required to configure each recommendation manually using the GUI or CLI.

Contributing

Please read CONTRIBUTING.md for details on how you can help contribute to this project.

Support

This is a Palo Alto Networks contributed project.

Authors

See also the list of contributors who have participated in this project.

License

This project is licensed under the MIT License. See the LICENSE file for details.
