Can Qualys scan Palo Alto? Both in terms of vulnerability scanning and CIS compliance.
Update March 14: See Policy Library Update.
The policy was release to the library on March 1st. See the screenshot below from POD 1.
Qualys support for PC scanning and reporting for Palo Alto is in progress. Currently we are researching on and coming up with a list of hardening / security configuration controls (as there is no CIS benchmark available for Palo Alto). Tentative support in production is expected by Q4 2016.
There is a SANS Benchmark Configuration for Palo Alto firewall
Hi Shailesh, is there any news about the PC scan of Palo Alto devices? It's already Q1 2017, is there any update about the expected release date?
Thanks in advance,
It is currently in the development process and is now targeted for Q2 - additional research and dependencies required us to push this out.
Has there been an further updates in regards to assessing compliance with the CIS benchmark for Palo Alto devices? Hope all is well.
Is the goal still Q2 2017 for scanning of PAN devices? I have three firewalls I would love to scan and get some PAN vulnerability data.
Hi Tim - Could you update the community on this topic? Thanks, Michael
The code is complete and in the process of QA. This is confirmed in the 8.11.0 release and will be out in late October. The release notification will be posted as soon as final dates are confirmed on the Qualys Blog and the scheduled dates for each platform can be found once available on the Qualys Status Page
Hi Qualys! The new authentication record and technology is now available :-)
But, I cannot load a Palo Alto Policy from the library yet? There is a CIS policy available @CIS, but only in PDF. Can we expect a Palo Alto policy in the library soon?
Library content is in engineering and will be out in December or January once certified by CIS.
Hi Tim, pls provide an status.
Hi, this seems to apply to PANOS-7. Can you confirm this as the latest version is PANOS-8.x or the plan to support it.
We currently support PANOS-8.x in PC and VM. CIS has not released the Palo Alto version 8 benchmark yet. Once the policy is released, we will start the development work for the CIS policy for PANOS 8 and publish it to the library.
Retrieving data ...