HTTP Server Calls
You can use the HTTP Server profiles to allow your PAN-OS appliance to send messages to Slack and Teams.
Slack
This page has details on how to configure Slack integration.
This page contains formatting information for Slack messages.
Test Slack Web Hook
Slack gives you the following test command. Replace the full URL with your web hook URL:
curl -X POST -H 'Content-type: application/json' --data '{"text":"Hello, World!"}' https://hooks.slack.com/services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests
On Windows, we have to change the command to the following:
curl -X POST -H "Content-type:application/json" --data "{\"text\":\"HelloWorld\"}" https://hooks.slack.com/services/A012BCDEFG3/B0123456ABC/ABCdef1234567890ZYXtests
PAN-OS Options for HTTP Requests
System Logs
Threat Logs
| Variable Name | Example Output |
|---|---|
| action | reset both |
| actionflags | 0x2000000000000000 |
| app | web-browsing |
| assoc_id | 0 |
| category | low-risk |
| cef-formatted-receive_time | May 30 2020 09:17:24 GMT |
| cef-formatted-time_generated | May 30 2020 09:17:24 GMT |
| cef-number-of-severity | 6 |
| cloud | |
| contenttype | |
| contentver | AppThreat-8278-6109 |
| device_name | palo-hostname |
| dg_hier_level_1 | 0 |
| dg_hier_level_2 | 0 |
| dg_hier_level_3 | 0 |
| dg_hier_level_4 | 0 |
| direction | server-to-client |
| dport | 80 |
| dst | 1.2.3.4 |
| dst_uuid | |
| dstloc | Germany |
| dstuser | |
| dynusergroup_name | |
| file_url | |
| filedigest | |
| filetype | |
| flags | 0x402000 |
| from | sz-trusted |
| http2_connection | 0 |
| http_headers | |
| http_method | |
| imei | 0 |
| imsi | 0 |
| inbound_if | ethernet1/2 |
| logset | default |
| misc | eicar.como |
| monitortag | |
| natdport | 80 |
| natdst | 213.211.198.58 |
| natsport | 20376 |
| natsrc | 10.1.1.11 |
| number-of-severity | 3 |
| outbound_if | ethernet1/1 |
| padding | 0 |
| parent_session_id | 0 |
| parent_start_time | |
| pcap_id | 0 |
| ppid | 4294967295 |
| proto | tcp |
| receive_time | 2020/05/30 10:17:24 |
| recipient | |
| referer | |
| repeatcnt | 4 |
| reportid | 0 |
| rule | default-all |
| rule_uuid | e10221de-c22a-4dc8-22ff-222eff1f222e |
| sender_sw_version | 9.1.2 |
| seqno | 2799 |
| serial | 001122334455667 |
| sessionid | 719 |
| severity | medium |
| sig_flags | 0x0 |
| sport | 49387 |
| src | 10.1.1.1 |
| src_uuid | |
| srcloc | 10.0.0.0-10.255.255.255 |
| srcuser | |
| subject | |
| subtype | vulnerability |
| thr_category | code-execution |
| threatid | Eicar File Detected(39040) |
| time_generated | 2020/05/30 10:21:57 |
| time_received | 2020/05/30 10:21:57 |
| to | sz-untrust |
| tunnel | N/A |
| tunnelid | 0 |
| type | THREAT |
| url_category_list | |
| url_idx | 1 |
| user_agent | |
| vsys_id | 1 |
| vsys_name | |
| xff | |
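
To preview what a Slack web hook would receive from these variables, the following added example (not from the original page and not Palo Alto Networks code) fills a payload template with values from the table and checks that the result is valid JSON with every variable resolved. It assumes the payload template references the variables as `$name`; the template text, `render` and `slack_text` are hypothetical names chosen for this illustration.

```python
import json
import re

# Constructed sample record: variable/value pairs copied from the Threat Logs table.
SAMPLE = {
    "device_name": "palo-hostname", "severity": "medium",
    "threatid": "Eicar File Detected(39040)", "src": "10.1.1.1",
    "dst": "1.2.3.4", "app": "web-browsing", "action": "reset both",
    "rule": "default-all", "number-of-severity": "3",
}

# Hypothetical payload template for a Slack web hook (assumed $name placeholders).
TEMPLATE = ('{"text": "*$severity* threat on $device_name: $threatid\\n'
            '$src -> $dst ($app), action: $action, rule: $rule"}')


def render(template, record):
    """Replace $name tokens with JSON-escaped values; return (payload, unknown)."""
    known = sorted(record, key=len, reverse=True)  # longest first: hyphenated names
    pattern = re.compile(
        r"\$(?:(" + "|".join(map(re.escape, known)) + r")(?![A-Za-z0-9_])"
        r"|([A-Za-z_][A-Za-z0-9_-]*))"
    )
    unknown = []

    def substitute(match):
        if match.group(1):
            # json.dumps adds surrounding quotes; strip them to splice into a string.
            return json.dumps(record[match.group(1)])[1:-1]
        unknown.append(match.group(2))
        return match.group(0)  # leave unresolved tokens visible in the preview

    return pattern.sub(substitute, template), unknown


def slack_text(payload):
    """Parse the rendered payload and return its "text" field, or raise ValueError."""
    message = json.loads(payload)  # json.JSONDecodeError is a ValueError
    text = message.get("text") if isinstance(message, dict) else None
    if not isinstance(text, str) or not text:
        raise ValueError('Slack payload needs a non-empty "text" string')
    return text


if __name__ == "__main__":
    payload, unknown = render(TEMPLATE, SAMPLE)
    print(payload)
    print("unresolved variables:", unknown)
    print(slack_text(payload))
```

Fields such as `user_agent`, `referer` and `http_headers` carry text supplied by the remote host, which is why the preview JSON-escapes every value; confirm with a test log that the firewall's own output for such a field is still valid JSON.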
