Palo Alto Next-Gen Firewall Out-of-the-box Response Integration

The Lumu Defender API offers a framework to help you leverage Lumu’s integrations with your existing cybersecurity stack, including Security Information and Event Management (SIEM); Security Orchestration, Automation, and Response (SOAR); Endpoint Detection and Response (EDR); incident response systems; and more.
To get started with the Lumu Defender API, consult our getting started documentation.
This article shows how to create an external block list on a Palo Alto Next-Gen Firewall using the URL list that Lumu generates for this integration.

Requirements

  1. Palo Alto Next-Gen Firewall.
  2. A Lumu Defender subscription.

Out-of-the-box Integrations are part of Lumu Defender. This tier was built to help organizations orchestrate and automate defense against confirmed compromise instances. It allows the integration of Lumu’s real-time analysis into your security stack to mitigate and remediate compromise incidents quickly and precisely. To know more about Illumination options, visit our site.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen. 

Figure 1 - Integrations screen.

2. Locate the Palo Alto Next-Gen Firewall integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

Figure 2 - Activate the integration.

4. To generate the integration URL, add a description and select the threat types you want to include in the list.

Figure 3 - Generate the integration URL.

Once you create the integration, you will be provided with the Integration URL:

Figure 4 - Provided Integration URL.

Deleting an integration will cause its URLs to be removed. This action cannot be undone. To reintegrate, you will have to generate the URLs again and update your Palo Alto Next-Gen Firewall configuration.

Set Up Palo Alto Next-Gen Firewall

Now that you have the integration URL, you need to configure a dynamic block list on the Palo Alto Next-Gen Firewall. The following examples and recommendations will help you configure it properly. Bear in mind that the steps below depend heavily on the characteristics of your environment.
Below is an example of how to use an External Dynamic List for URL Filtering.

Example:  Using a URL List and URL filtering profile

In this example, the URL list is added to a security policy that is created under a URL filtering profile. To do this, go to your Palo Alto Next-Gen Firewall admin portal and create an External Dynamic List.
  1. When creating the External Dynamic List, enter the required information, including the source URL you obtained from Lumu in step 4. Make sure to select ‘URL List’ in the ‘Type’ parameter.
  2. Modify the update frequency according to your business needs. The Palo Alto Next-Gen Firewall documentation recommends setting this parameter to ‘Hourly’.
Figure 5 - Select ‘URL List’ in the ‘Type’ parameter

After creating the External Dynamic List, you must use it inside a security policy created under the URL filtering profile. The following is an example of such a policy:

Figure 6 - URL filtering profile security policy.

Bear in mind that the characteristics of the policy must be defined by your organization. For more details on External Dynamic Lists, consult Palo Alto Next-Gen Firewall’s documentation.
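For environments that manage the firewall programmatically, the External Dynamic List step above can also be created through the PAN-OS XML API instead of the admin portal. The script below is an added example and is not code from Lumu or Palo Alto Networks. The management host name, vsys name, EDL name, CA bundle path and API key are placeholders, and the `<type><url>` element layout is assumed from the PAN-OS external-list configuration; confirm it against your PAN-OS version before committing. It creates the URL List EDL pointing at the Lumu integration URL with the hourly refresh the article recommends; attaching the list to a URL filtering profile and security policy is still done as described above.

```python
"""Create the Lumu URL-list External Dynamic List on a PAN-OS firewall via the XML API.

Added example; not code from Lumu or Palo Alto Networks. Host, vsys, EDL name,
API key and the element layout are assumptions for illustration.
"""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Placeholders: paste the Integration URL the Lumu portal showed in step 4, and use
# your own management host and a least-privilege API key (configuration access only).
LUMU_INTEGRATION_URL = "https://<integration-url-from-lumu-portal>"  # placeholder
FIREWALL_HOST = "firewall.example.internal"                          # assumption
API_KEY = "<api-key-placeholder>"                                    # placeholder
EDL_NAME = "Lumu-URL-Blocklist"                                      # assumption

# Config-tree location of external lists on a single-vsys firewall (assumed layout).
EDL_XPATH = (
    "/config/devices/entry[@name='localhost.localdomain']"
    "/vsys/entry[@name='{vsys}']/external-list/entry[@name='{name}']"
)


def build_edl_element(source_url: str, description: str, recurrence: str = "hourly") -> str:
    """Build the <type><url>...</url></type> element for a URL List EDL.

    Only 'five-minute' and 'hourly' are handled: daily/weekly/monthly schedules
    carry an extra <at> time child that this example does not model.
    """
    if recurrence not in ("five-minute", "hourly"):
        raise ValueError(f"unsupported recurrence: {recurrence}")
    type_el = ET.Element("type")
    url_el = ET.SubElement(type_el, "url")          # EDL type = URL List
    ET.SubElement(url_el, "url").text = source_url  # the Lumu integration URL
    recurring = ET.SubElement(url_el, "recurring")
    ET.SubElement(recurring, recurrence)            # e.g. <hourly/>
    ET.SubElement(url_el, "description").text = description
    return ET.tostring(type_el, encoding="unicode")


def build_set_request(host, api_key, name, source_url, description, vsys="vsys1"):
    """Return (endpoint, form params) for a config 'set' of the EDL entry."""
    params = {
        "type": "config",
        "action": "set",
        "key": api_key,
        "xpath": EDL_XPATH.format(vsys=vsys, name=name),
        "element": build_edl_element(source_url, description),
    }
    return f"https://{host}/api/", params


def parse_api_response(xml_text: str):
    """Return (ok, message) from a PAN-OS XML API <response> document."""
    root = ET.fromstring(xml_text)
    msg_el = root.find("./msg")
    if msg_el is None:
        msg_el = root.find("./result/msg")  # commit responses nest the message here
    msg = "".join(msg_el.itertext()).strip() if msg_el is not None else ""
    return root.get("status") == "success", msg


def post(endpoint: str, params: dict, ca_bundle: str) -> str:
    """POST the form body, verifying the management interface's TLS certificate."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    data = urllib.parse.urlencode(params).encode()
    with urllib.request.urlopen(endpoint, data=data, context=ctx, timeout=30) as resp:
        return resp.read().decode()


def create_edl(host, api_key, ca_bundle, name, source_url, description, commit=True):
    """Create the EDL entry in the candidate config and optionally commit it."""
    endpoint, params = build_set_request(host, api_key, name, source_url, description)
    ok, msg = parse_api_response(post(endpoint, params, ca_bundle))
    if not ok:
        raise RuntimeError(f"EDL set failed: {msg}")
    if commit:  # the EDL is not active until the candidate config is committed
        commit_params = {"type": "commit", "cmd": "<commit></commit>", "key": api_key}
        ok, msg = parse_api_response(post(endpoint, commit_params, ca_bundle))
        if not ok:
            raise RuntimeError(f"commit failed: {msg}")
    return msg


if __name__ == "__main__":
    print(create_edl(FIREWALL_HOST, API_KEY, "/path/to/mgmt-ca.pem",
                     EDL_NAME, LUMU_INTEGRATION_URL, "Lumu confirmed-compromise URL list"))
```

The request is sent with certificate verification against the CA that issued the management interface's certificate rather than with verification disabled, and the API key should belong to a role limited to configuration changes. After the commit, check the EDL's status in the portal (or with `request system external-list show`) to confirm the firewall can retrieve the list from Lumu; an EDL that fails to download blocks nothing.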