Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Palo Alto ARP table import for Machine Tracker #2343

Closed
ingeborgoh opened this issue Feb 3, 2022 · 3 comments · Fixed by #2613
Closed

Palo Alto ARP table import for Machine Tracker #2343

ingeborgoh opened this issue Feb 3, 2022 · 3 comments · Fixed by #2613
Labels
enhancement nav-ref Fronted by the NAV user reference committee

Comments

@ingeborgoh
Copy link
Contributor

Palo Alto Firewall does not support collection of arp table via snmp, but has a REST API and provides data as XML.

We need a script that can collect these data via the API and insert them into the NAV database.

Example python project:
[ http://api-lab.paloaltonetworks.com/pan-python.html | http://api-lab.paloaltonetworks.com/pan-python.html ]

Trial version of Palo Alto
https://www.paloaltonetworks.com/vm-series-trial

UiT will also soon have some lab equipment to run tests on.
@lunkwill42
Copy link
Member

This is the exact same problem that has been reported for Cisco ASA through many years. Most stuff works through SNMP, but not ARP cache collection.

@lunkwill42
Copy link
Member

Tip from HiVolda: https://docs.paloaltonetworks.com/iot/iot-security-api-reference/iot-security-api/get-device-details-per-mac-address

@lunkwill42 lunkwill42 added the nav-ref Fronted by the NAV user reference committee label Sep 2, 2022
@ingeborgoh
Copy link
Contributor Author

How to export Arp table into XML

curl -kG "https://192.168.1.1/api/?type=op&cmd=%3Cshow%3E%3Carp%3E%3Centry+name+%3D+%27all%27%2F%3E%3C%2Farp%3E%3C%2Fshow%3E&key=" > arp-list.xml

IP address and api-key must exist somewhere

Entries looks like this

<entry>
  <status>  c  </status>
  <ip>10.11.12.13</ip>
  <mac>00:aa:00:bb:00:cc</mac>
  <ttl>665</ttl>
  <interface>ae2</interface>
  <port>ae2</port>
</entry>

where status: s - static, c - complete, e - expiring, i - incomplete.

@lunkwill42 lunkwill42 changed the title Palo Alto ARP table import for Machine Tracer Palo Alto ARP table import for Machine Tracker Jan 10, 2023
@Slenderman00 Slenderman00 mentioned this issue Apr 27, 2023
Merged
@lunkwill42 lunkwill42 linked a pull request May 3, 2024 that will close this issue
Palo Alto ARP table plugin #2613
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement nav-ref Fronted by the NAV user reference committee
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Palo Alto ARP table plugin Slenderman00/nav
2 participants
@lunkwill42 @ingeborgoh