TOC & Recently Viewed

Recently Viewed Topics

Palo Alto Firewall Example Audit Items

Nessus utilizes XSL Transforms (XSLT) and a native API to request information from PAN-OS based Palo Alto devices. Requests are made via the HTTP or HTTPS interface of the firewall, and require Superuser or Superuser (readonly) administrator credentials for PAN-OS >= 4.1.0, and Superuser administrator credentials on PAN-OS < 4.1.0. This allows you to perform audits against an operational config on the device.

Palo Alto Firewall Example

<custom_item>

type: AUDIT_XML

description: "Palo Alto Security Settings - 'fips-mode = on'"

info: "Fips-mode should be enabled."

api_request_type: "op"

request: "<show><fips-mode></fips-mode></show>"

xsl_stmt: "<xsl:template match=\"/\">"

xsl_stmt: " <xsl:apply-templates select=\"//result\"/>"

xsl_stmt: "</xsl:template>"

xsl_stmt: "<xsl:template match=\"//result\">"

xsl_stmt: "fips-mode: <xsl:value-of select=\"text()\"/>"

regex: "fips-mode:[\\s\\t]+"

expect: "fips-mode:[\\s\\t]+on"

</custom_item>

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.