Integrating Palo Alto Panorama

Trend Micro Vision One enables sharing of suspicious object data with Palo Alto Panorama through a Service Gateway.

Configure sharing of suspicious object data with this integration through a Service Gateway.

Note:

At least one Service Gateway must be configured to enable integration.

For more information, see Service Gateway Inventory.

  1. Configure settings on Trend Micro Vision One.
    1. Go to Administration > Third-Party Integration.
    2. In the Integration column, click Palo Alto Panorama.
    3. Click the toggle to enable or disable the integration.
    4. Review the Legal Statement and click Accept or Close to continue.
    5. Under Data Transfer, configure suspicious object data sharing criteria and integration settings.
      1. Risk level: Select the risk level of the suspicious object data to include in the shared data.

      2. Frequency: Select the frequency at which suspicious object data is shared.

      3. URL parameters: Select whether to remove query strings from URLs.

    6. Under Service Gateway Connection, configure the connection between the Service Gateway and the integration.
      1. Click Connect.

        The Service Gateway Connection panel appears.

      2. Select a Service Gateway.

      3. Configure the integration server settings.

      4. (Optional) Click Test Connection to verify if the settings are valid.

      5. Click Connect.

        The connection configuration is added to the list.

      6. Click the Generate Now icon () to generate suspicious object data sharing files immediately.

      7. Hover over the Copy URL icon () to copy the suspicious object data sharing URLs to use on your integration.

    7. Repeat the previous step to add multiple connection configurations for this integration.
    8. Click Save.
  2. Configure settings on your integration.
    Note:

    The following steps were performed using version 8.0 of the PAN-OS web interface.

    If you are using a different version, refer to the documentation for your version.

    1. In the PAN-OS web interface, go to Objects > External Dynamic Lists.
    2. Click Add.
    3. Configure the external dynamic list.
      1. Name: Type a name for the list.

      2. Type: Select Domain List or URL List.

      3. Description: Type a description to help you identify this list.

      4. Source: Paste the suspicious object data sharing URL that you obtained from the Trend Micro Vision One console.

      5. Check for updates: Select the interval at which this external dynamic list checks for updates.

        Tip:

        Trend Micro recommends matching the update interval to the suspicious object data sharing Frequency configured on Trend Micro Vision One.

      6. (Optional) Click Test Source URL to test if the URL is accessible.

      7. Click OK.

      Your Palo Alto Panorama appliance is configured to retrieve suspicious object data from the Trend Micro Vision One Service Gateway.

    4. Repeat the previous step to add an external dynamic list configuration for the type you did not configure.