Date published: 2023-01-16

SYNAPSA Auditor integrity check for Palo Alto

How to use an integrity check for Palo Alto firewall with regular expressions


The API response is:

<response status="success">
    <result>
        <dns-setting>
            <servers>
                <primary>
                    1.1.1.1
                </primary>
                <secondary>
                    4.2.2.2
                </secondary>
            </servers>
        </dns-setting>
    </result>
</response>

The goal is to check that the primary DNS server matches 1.1.*.1 and the secondary matches 4.2.*.2.


The integrity check not only checks static values, it also compares the value from the firewall configuration against the conditions.

Format of the regex check is: xml-nametag|string|/^REGULAR_EXPRESSION$/|regex

primary|string|/^1\.1\.[0-9]{1,3}\.1$/|regex
Match examples: 1.1.5.1, 1.1.8.1
Not matching: 2.1.1.1, 1.2.1.1, 1.1.1.6

secondary|string|/^4\.2\.[0-9]{1,3}\.2$/|regex
Match examples: 4.2.2.2, 4.2.4.2
Not matching: 1.1.1.1, 4.4.2.2, 4.2.2.3

You can specify your own regular expression conditions; full RegEx is supported. If you need to validate your regular expression, use https://www.regextester.com.

An Auditor alert is generated if any of the conditions does not match its regex value.
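
A way to check such rules offline before relying on them, as an added example that is not SYNAPSA code: it parses rules in the format above, applies them to the API response, and compares patterns with unescaped dots against patterns with escaped dots and a bounded third octet. The rule parsing, the names `parse_rule`, `accepts` and `audit`, and the changed addresses in `DRIFTED` are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the API response from this page (values are pretty-printed).
RESPONSE = """<response status="success"><result><dns-setting><servers>
  <primary>
      1.1.1.1
  </primary>
  <secondary>
      4.2.2.2
  </secondary>
</servers></dns-setting></result></response>"""
# Constructed sample: the same response after both servers were changed.
DRIFTED = RESPONSE.replace("1.1.1.1", "1.100.7.11").replace("4.2.2.2", "4.200.9.12")

# Unescaped dots: "." matches any character and ".*" any run of characters.
LOOSE = ["primary|string|/^[1].[1].*.[1]$/|regex",
         "secondary|string|/^[4].[2].*.[2]$/|regex"]
# Escaped dots and a bounded third octet.
STRICT = [r"primary|string|/^1\.1\.[0-9]{1,3}\.1$/|regex",
          r"secondary|string|/^4\.2\.[0-9]{1,3}\.2$/|regex"]


def parse_rule(rule):
    """Split 'xml-nametag|string|/^REGEX$/|regex' (assumed parsing, not SYNAPSA's)."""
    tag, kind, rest = rule.split("|", 2)
    pattern, mode = rest.rsplit("|", 1)  # the regex itself may contain "|"
    if (kind, mode) != ("string", "regex") or len(pattern) < 2 \
            or pattern[0] != "/" or pattern[-1] != "/":
        raise ValueError(f"unsupported rule: {rule!r}")
    return tag, re.compile(pattern[1:-1])


def accepts(rule, value):
    """True if the value satisfies the rule, after trimming XML whitespace."""
    return parse_rule(rule)[1].search(value.strip()) is not None


def audit(rules, xml_text):
    """Return the tags whose configured value fails its rule (alert conditions)."""
    root = ET.fromstring(xml_text)
    alerts = []
    for rule in rules:
        node = root.find(f".//{parse_rule(rule)[0]}")
        if node is None or not accepts(rule, node.text or ""):
            alerts.append(rule.split("|", 1)[0])
    return alerts


if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("strict", STRICT)):
        print(name, "current:", audit(rules, RESPONSE), "drifted:", audit(rules, DRIFTED))
```

With unescaped dots the changed addresses raise no alert, because each `.` also matches a digit; the escaped patterns flag both tags.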
