Using the BlueApp for Palo Alto Networks PAN-OS orchestration actions requires that the BlueApp is enabled on a deployed USM Anywhere Sensor with configured integration to your Palo Alto Networks product. See Configuring the BlueApp for Palo Alto Networks PAN-OS for more information.
| Action | Description |
|---|---|
| Tag Source IP Address from Event | Run this action to tag a source IP address to a dynamic address group from an event |
| Tag Source IP Address from Rule | Run this action to tag source IP address and add it to a Dynamic Address Group in the connected Palo Alto Networks device from a rule |
| Tag Source IP Address from Alarm | Run this action to tag a source IP address to a dynamic address group from an alarm |
| Tag Source Address from Rule | Run this action to tag a source address from a rule |
| Tag Destination IP Address from Event | Run this action to tag a destination IP address to a dynamic address group from an event |
| Tag Destination IP Address from Rule | Run this action to tag destination IP Address and add it to a Dynamic Address Group in the connected Palo Alto Networks device from a rule |
| Tag Destination IP Address from Alarm | Run this action to tag a destination IP address to a dynamic group address from an alarm |
| Tag Destination Address from Rule | Run this action to tag a destination address from a rule |
| Remove Tag from Source Address | Run this action to remove a tag from the source address |
| Remove Tag from Address Group | Run this action to remove a tag from the address group |
| Remove Tag from Destination Address | Run this action to remove a tag from a destination address |
| Add Tag to Address Group | Run this action to add a tag to an address group |
| Add Tag to Destination Address | Run this action to add a tag to a destination address |
| Add Tag to Source Address | Run this action to add a tag to a source address |
- IPv4 address
- IPv6 address
- FQDN
By default, changes affecting PAN-OS firewall configurations require activation through a commit. The object (host) tag requests sent by BlueApp for Palo Alto Networks PAN-OS are not activated until you or another Palo Alto administrator commits them. In the PAN-OS web UI, you can filter pending changes by user account or location and then preview, validate, or commit only those changes. For more information about committing these changes, refer to the PAN-OS documentation.If a specified tag does not already exist in the Palo Alto Networks device, the action also creates the new tag. The tag creation does not require a commit in the Palo Alto Networks environment.
- In USM Anywhere, go to Data Sources > BlueApps.
- Click the Available Apps tab.
- Search for the BlueApp, and then click the tile.
-
Click the Actions tab to display information for the supported actions.
To use the Dynamic Address Group actions, you first need to configure Dynamic Address Groups in your policy within PAN-OS.
-
Click the History tab to display information about the executed orchestration actions.
Launch Actions from USM Anywhere
You can launch an action directly from alarms or events. If you want to apply an action to similar events that occur in the future, you can also create orchestration rules directly from the action applied to an alarm or event.All Group and Tag names will default to lowercase in USM Anywhere to avoid any potential confusion over letter casing.
- Go to Activity > Alarms or Activity > Events.
- Click the alarm or event to open the details.
-
Click Select Action.
-
In the Select Action dialog box, select the Palo Alto tile.
- For the App Action, select the action you want to launch. Additional fields will be populated based on the action you’ve selected. Fill out the necessary fields for the app action. You can launch an action to tag the alarm destination host or source host.
-
Enter the Palo Alto Networks Tag Name that you want to apply to the host.
-
Click Run.
After USM Anywhere initiates the action, it displays a confirmation dialog box.
