Palo Alto Networks

Integrated with Palo Alto Networks, Fortra VM users can further enhance the efficacy of the Cortex platform in the protection of their information assets. The integration with Cortex will consume vulnerability and threat intelligence produced when scanning systems and networks with our Fortra VM platform. Fortra recommends watching the Palo Alto Tutorial for integration guidance.

To integrate with Palo Alto Networks perform the following (see below for detailed instructions):

  1. Generate a Fortra VM API Key
  2. Access Cortex Apps in Palo Alto Networks
  3. Authorize App

Requirements

  • Palo Alto Networks Cortex
  • Fortra VM version 6.2.2.6 or later
  • Fortra VM API Key

Generate a Fortra VM API Key

  1. Log in to Fortra VM.

  2. In the site heater, select your name and choose My profile.

  3. On the API Tokens tab, select Create new token.

  4. In the Add New Token dialog, type the token name and select OK.

  5. Below your token name, selecting Click to show key displays your API Key.

    6. IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the trash can icon and resulting check-mark to confirm.
TIP: Only one API Token will be used to access this app instance. While it is not necessary, we recommend creating an ‘integration’ user strictly for the purpose of assigning this user’s API Token for this integration or any future integrations.

Access Cortex Apps in Palo Alto Networks

Log into your Palo Alto Networks account to access your Cortex Apps.

Clicking on the Fortra Fortra VM app will begin app initialization and direct you to log in using a Fortra VM API token.

  1. Enter your API token.

    2. NOTE: Remember, this token will be the only token used to access this app instance. Trying to log in with a different API token will either fail to log in, or display a different app instance related to the different API token.
  2. Click Authenticate.

Authorize App

Once logged in, a status page will show all current app instances.

Each instance will show:

  • Instance name
  • Logging service number of the app
  • The region
  • The status of the app (authorized or unauthorized)

If the instance is unauthorized, the app will not run and will not pull any information from Palo Alto Networks into your Fortra VM account.

To authorize an app instance:

  1. Click the Authorize button.

    2. Site will be redirect to Request for Approval from Palo Alto Networks. The Fortra Fortra VM app requests permission for reading logging service data from Palo Alto Networks.

  2. Click Allow.

  • With request approval, you will be directed back to the status page which will now display the app as Authorized.
  • Denial of request approval will also redirect you back to the status page, but the app status remains Unauthorized.

Once authorized, the app will begin pulling Next Gen Firewall and Trap data into your Fortra VM account.

Palo Alto Integration Tutorial