OpenDXL-ATD-PANFW 1.0.0

jnetz
Jul 3rd 2018
911 Downloads
0 Comments

Website: https://github.com/PoesRaven/ATD_PANFW

Take the fun out of combing through your ATD reports searching for IoCs to populate your PaloAlto Firewall security policy with OpenDXL-ATD-PANFW integration.

Introduction

ATD-PANFW continuously listens for new ATD indicators discovered through any numerous means. Once discovered, IPs and domains which are convicted as malicious will be stored in the sqlite db. The sqlite db is dynamically generated on first use and automatically updated each use thereafter.

Simultaneously, ATD-PANFW creates 2 web urls ~/ip and ~/domain which can be used in PAN FW to create an External Dynamic Blocklist.

Startup

During startup, the code checks for the existence of the ips_domains.db database. If it does not exist, it is created. Then a connection is made to the DXL fabric and the client begins listening for new ATD IoCs.

_{Icons made by Smashicons from}_{www.flaticon.com} _{is licensed by}_{CC 3.0 BY}

Version 1.0.0
- Jul 3rd 2018
- 911 Downloads

OpenDXL-ATD-PANFW 1.0.0

Introduction

Startup

Version 1.0.0

Node-RED Flow: AD Computer and ePO System Compare

OpenDXL-QChat

OpenDXL-WildFireTIE

OpenDXL-RIMalShare

Share