ciscosecurity/tr-05-palo-alto-ngfw
Palo Alto Networks Next-Generation Firewalls (NGFW) provide advanced, integrated security features beyond those of traditional firewalls, including application awareness, URL filtering, content inspection, and threat prevention. Forwarding NGFW logs to the Strata Logging Service, where they are normalized and enriched with endpoint and cloud data from various products, makes the NGFW alerts queryable through the Cortex API. This module uses those alerts to look up security detections for observables such as IP addresses, URLs, file names, MD5 hashes, SHA256 hashes, email addresses, and email subjects.
cisco_security_finding_dto
library-added support for OCSF
Updated relations
Supported endpoints:
POST /health
POST /observe/observables (accepts optional start_time= and end_time= query parameters in ISO format)
POST /version
Supported observable types:
domain
email
email_subject
file_name
ip
ipv6
md5
sha256
url
Each response from the Cortex XDR API for the supported observables generates the following CTIM entities:
Attack Patterns
Indicators
Relationships
Sightings
Module configuration (JSON):
{
"api_key": "<API key>",
"api_key_id": "<API ID>",
"api_base_url": "<API URL>",
"CTR_ENTITIES_LIMIT": "<limit the number of sightings in response. Default: 100 (optional)>"
}
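As an added example (not the module's own code, which is not on this page), the Python below validates observables against the supported types listed above before they are sent, builds the POST /observe/observables path with start_time and end_time normalized to ISO 8601 UTC, and reads CTR_ENTITIES_LIMIT from the configuration with its documented default of 100. The request body shape, a list of {"type", "value"} objects, and the per-type validation rules are assumptions, not taken from the page.

```python
import ipaddress
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

# Observable types the page lists as supported by this module.
SUPPORTED_TYPES = {"domain", "email", "email_subject", "file_name",
                   "ip", "ipv6", "md5", "sha256", "url"}

_HEX_LEN = {"md5": 32, "sha256": 64}
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def is_valid_observable(obs_type, value):
    """Reject unsupported types and malformed values (assumed validation rules)."""
    if obs_type not in SUPPORTED_TYPES or not value:
        return False
    if obs_type in _HEX_LEN:
        return bool(re.fullmatch(rf"[0-9a-fA-F]{{{_HEX_LEN[obs_type]}}}", value))
    if obs_type in ("ip", "ipv6"):
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False
        return addr.version == (6 if obs_type == "ipv6" else 4)
    if obs_type == "email":
        return bool(_EMAIL_RE.match(value))
    if obs_type == "domain":
        return bool(_DOMAIN_RE.match(value))
    if obs_type == "url":
        return value.lower().startswith(("http://", "https://"))
    return True  # email_subject and file_name are free text

def _iso_utc(ts):
    """Parse an ISO 8601 timestamp (naive means UTC) and normalize to 'Z' form."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_observe_request(observables, start_time=None, end_time=None):
    """Return (path, body) for POST /observe/observables; body shape is assumed."""
    body = [{"type": t, "value": v} for t, v in observables if is_valid_observable(t, v)]
    params = {k: _iso_utc(v) for k, v in
              (("start_time", start_time), ("end_time", end_time)) if v}
    path = "/observe/observables" + ("?" + urlencode(params, safe=":") if params else "")
    return path, body

def entities_limit(config):
    """CTR_ENTITIES_LIMIT from the module config; the page documents a default of 100."""
    return int(config.get("CTR_ENTITIES_LIMIT", 100))
```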
docker pull ciscosecurity/tr-05-palo-alto-ngfw