Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:configuration:http_calls [2020/05/30 15:51] – bstafford
+++ paloaltonetworks:configuration:http_calls [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 4: / Line 4: @@
 ===== Slack =====
-[[https://live.paloaltonetworks.com/t5/log-forwarding-articles/pan-os-8-0-http-log-integration-with-slack/ta-p/172093|This page]] has details on how to configure Slack integration.
+[[https://live.paloaltonetworks.com/t5/log-forwarding-articles/pan-os-8-0-http-log-integration-with-slack/ta-p/172093|This page]] has details on how to configure Slack integration. Manage existing Apps [[https://api.slack.com/apps|here]] (There should be an option for 'Incoming Webhooks').
 [[https://api.slack.com/reference/surfaces/formatting|This page]] contains formatting information for Slack messages.
@@ Line 15: / Line 15: @@
 ==== PAN-OS Options for HTTP Requests ====
+  - On ''Device > Server Profiles > HTTP'' create a new server profile.
+  - Add a new server with the following values
+    * **Name** : hooks.slack (or anything you like)
+    * **Address** : hooks.slack.com
+    * **Protocol** : HTTPS
+    * **Port** : 443
+    * **TLS Version** : 1.2
+    * **Certificate Profile** : None
+    * **HTTP Method** : POST
+    * **Username** : Blank
+    * **Password** : Blank
+  - You then set a payload format. You can create a seperate server profile for each type of message though if you want to get very specific. Each payload format consists of the following
+    * **Name** : describe the action (e.g. //alert-on-login//)
+    * **URI Format** : /services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests
+    * **HTTP Headers** :
+      * **Header** : content-type
+      * **Value** : application/json
+    * **Payload** : <code>{
+    "attachments": [
+        {
+            "pretext": "$time_generated",
+            "title": "Title to put above the text. Can contain variables.",
+            "fallback": "Text to put in the pop up notifications.",
+            "text": "Main message. You can add in variables as listed below using the $ sign before the name.\n.e.g. $opaque.",
+            "color": "danger"
+        }
+    ]
+}</code>
 === System Logs ===
 ^ Variable Name ^ Example Output ^
@@ Line 148: / Line 181: @@
     ]
 }</code>
-=== System ===
+=== System - Alert on Admin Login===
+<code>{
+    "attachments": [
+        {
+            "pretext": "$time_generated",
+            "title": "Admin Login on $device_name",
+            "fallback": "Admin Login on $device_name",
+            "text": "$time_generated\n$opaque",
+        }
+    ]
+}</code>
+=== System - Critical Event===
+<code>{
+    "attachments": [
+        {
+            "pretext": "$time_generated",
+            "title": "$time_generated $severity system event $eventid on $device_name",
+            "fallback": "Critical System Event",
+            "text": "----------\n$opaque\n----------",
+            "color": "danger"
+        }
+    ]
+}</code>
+=== System - VPN Down ===
+<code>{
+    "attachments": [
+        {
+            "fallback": "$time_generated VPN ALERT $object VPN tunnel is DOWN on $device_name",
+            "pretext": "$time_generated",
+            "title": "VPN tunnel DOWN",
+            "text": "$opaque on $device_name",
+            "color": "danger"
+        }
+    ]
+}</code>
+=== System - VPN Up ===
+<code>{
+    "attachments": [
+        {
+            "fallback": "$time_generated VPN ALERT $object VPN tunnel is UP on $device_name",
+            "pretext": "$time_generated",
+            "title": "VPN tunnel UP",
+            "text": "$opaque on $device_name",
+            "color": "good"
+        }
+    ]
+}</code>
 === Threat - Alert on Threat Detected ===
 <code>{