
DctrG/safe-networking

 
 


SafeNetworking


SafeNetworking is a software application that receives both THREAT and TRAFFIC syslog events from Palo Alto Networks NGFWs. Using the Palo Alto Networks Threat Intelligence Cloud, SafeNetworking is able to correlate some of the threat logs (mainly DNS queries) with malware known to be associated with the event in question. SafeNetworking uses the open-source version of ElasticStack to gather, store and visualize these enriched events.

Before using SafeNetworking, please read and understand our Support Policy
For a more detailed introduction to SafeNetworking, see What is SafeNetworking?
For the latest information and release-specific notes, view the release notes

To install, follow the directions below. A VM that comes pre-installed and ready to go can also be obtained from your Palo Alto Networks account team and used for a proof-of-concept of SafeNetworking.

NOTE: If you already have an ElasticStack cluster (e.g. ElasticCloud or a local install), skip to step 2.

1.) Infrastructure Setup Instructions

2.) Install SafeNetworking

3.) Configure SafeNetworking for your installation

4.) NGFW Configuration

5.) Running SafeNetworking


Post install

SafeNetworking should now be running and processing events. You will need to perform some minor post-install setup in Kibana for the visualizations and dashboards. See Kibana setup for SafeNetworking.


Best Practices and Optional Configuration

You should be all set. For more ideas on what you can do with the system, and other things you can download and install to get the most out of SafeNetworking, check out the Wiki!


Support Policy

The code and templates in the repo are released under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used by the scripts or templates (the VM-Series firewall) is still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself. Unless explicitly tagged, all projects or work posted in our GitHub repository (at https://github.com/PaloAltoNetworks) or sites other than our official Downloads page on https://support.paloaltonetworks.com are provided under the best effort policy.


Languages

  • JavaScript 93.6%
  • CSS 2.5%
  • Python 2.5%
  • HTML 1.3%
  • Shell 0.1%