Palo Alto Firewall Example Audit Items

Nessus utilizes XSL Transforms (XSLT) and a native API to request information from PAN-OS based Palo Alto devices. Requests are made via the HTTP or HTTPS interface of the firewall, and require Superuser or Superuser (readonly) administrator credentials for PAN-OS >= 4.1.0, and Superuser administrator credentials on PAN-OS < 4.1.0. This allows you to perform audits against an operational config on the device.

Palo Alto Firewall Example

<custom_item>

type: AUDIT_XML

description: "Palo Alto Security Settings - 'fips-mode = on'"

info: "Fips-mode should be enabled."

api_request_type: "op"

request: "<show><fips-mode></fips-mode></show>"

xsl_stmt: "<xsl:template match=\"/\">"

xsl_stmt: " <xsl:apply-templates select=\"//result\"/>"

xsl_stmt: "</xsl:template>"

xsl_stmt: "<xsl:template match=\"//result\">"

xsl_stmt: "fips-mode: <xsl:value-of select=\"text()\"/>"

regex: "fips-mode:[\\s\\t]+"

expect: "fips-mode:[\\s\\t]+on"

</custom_item>