Change Management

If you are using PAN-OS/Panorama firewall and Jira or ServiceNow as a ticketing system this playbook is a perfect match for your change management for Firewall process. This playbook can be triggered by 2 different options - a fetch from ServiceNow or Jira - and will help you manage and automate your change management process.

Change Management · 5 tasks · 27 inputs · 0 outputs

Inputs

  • TicketSummary — Provide a summery for your firewall change request.
  • SecurityTeamEmail — The email of the security team that approves the firewall requests.
  • log_type — Log type to query. Can be: traffic, threat, wildfire, url or data-filtering.
  • query — The query string by which to match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs.
  • Query_logs — By providing the value "Yes" to this input, the "Panorama Query Logs" playbook will be activated.
  • addr-src — The source address for the change request.
  • addr-dst — The destination address for the change request.
  • port-dst — The destination ports for the change request.
  • zone-src — The relevant firewall source zone for the change request.
  • zone-dst — The relevant firewall destination zone for the change request.
  • Action — The action for the change request (such as: allow, drop, deny)
  • Protocol — The relevant IP protocol for the change request.
  • Log_forwarding — Log forwarding profile.
  • Profile_setting — A profile setting group.
  • Service — A comma-separated list of service object names for the rule.
  • Application — A comma-separated list of application object names for the rule to create.
  • Target — Target number of the firewall. Use only for a Panorama instance.
  • Vsys — Target vsys of the firewall. Use only for a Panorama instance.
  • Rulename — Name of the rule to create.
  • Rule_position — Pre rule or Post rule (Panorama instances). Possible options: - post-rulebase - pre-rulebase
  • Description — Set the description of the ticket.
  • Time_generated — The time the log was generated from the timestamp and prior to it. For example: "2019/08/11 01:10:44".
  • TestConfigurations — By providing YES to this input, the requested firewall rule will be tested in your test environment.
  • TestInstance — The instance name of the firewall in the DEV environment for testing the new rule.
  • Closing_status_approved — The closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was approved.
  • Closing_status_rejected — The closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was rejected.
  • Limit — Maximum number of API requests that the PanoramaSecurityPolicyMatchWrapper script will send. The default is 500.

Flowchart

Jira ServicenNow Start Start ServiceNow Change Management - ServiceNow Change Management ServiceNow Change Management ServiceNow Change Management What was the incident trigger? What was the incident tri... Done Done Jira Change Management - Jira Change Management Jira Change Management Jira Change Management