Jira Change Management
If you are using PAN-OS/Panorama firewall and Jira as a ticketing system, this playbook will be a perfect match for your change management for firewall process. This playbook is triggered by afetch from Jira and will help you manage and automate your change management process.
Change Management · 23 tasks · 26 inputs · 0 outputs
Inputs
TicketSummary— Provide a summery for your firewall request.SecurityTeamEmail— The email of the security team that approves the firewall requests.log_type— Log type to query. Can be: traffic, threat, wildfire, url or data-filtering.query— The query string by which to match criteria for the logs. This is similar to the query provided in the web interface under the Monitor tab when viewing the logs.addr-src— Source address.addr-dst— Destination address.port-dst— Destination port.TestConfigurations— By providing YES to this input, the requested firewall rule will be tested in your test environment.zone-src— Firewall source zone.zone-dst— Firewall destination zone.TestInstance— The instance name of the firewall in the DEV environment for testing the new rule.Action— The action for the change request.Protocol— The IP protocol.Log_forwarding— Log forwarding profile.Profile_setting— A profile setting group.Service— A comma-separated list of service object names for the rule.Application— A comma-separated list of application object names for the rule to create.Rulename— Name of the rule to create.Description— Set the description of the ticket.Time-generated— The time the log was generated from the timestamp and prior to it. For example: "2019/08/11 01:10:44".Rule_position— Pre rule or Post rule (Panorama instances). Possible options: - post-rulebase - pre-rulebaseClosing_status_rejected— The closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was rejected.Closing_status_approved— The closing status in Jira is changing in the project templates. Please provide the relevant closing status if the issue was approved.Target— Target number of the firewall. Use only for a Panorama instance.Vsys— Target vsys of the firewall. Use only for a Panorama instance.Limit— Maximum number of API requests that the PanoramaSecurityPolicyMatchWrapper script will send. The default is 500.
Commands used
closeInvestigation
jira-edit-issue
jira-issue-add-comment
jira-issue-upload-file
pan-os-create-rule
setIncident