# ############################################################################### # # AUTHOR : Suresh Kalavala # # DATE : 03/04/2018 # # PACKAGE : PALO ALTO APPLANCE/DEVICE SENSOR # # Description : Package to monitor PaloAlto device, logged-in users, vpn users # # and other system information # ############################################################################### # homeassistant: # customize: # # Sensors from custom component # sensor.paloalto_host_name: # friendly_name: Palo Alto Host Name # sensor.paloalto_operation_mode: # friendly_name: Device Operation Mode # sensor.paloalto_serial_number: # friendly_name: Device Serial Number # sensor.paloalto_global_protect_user_count: # friendly_name: VPN Loggedin User Count # sensor.paloalto_global_protect_users: # friendly_name: VPN Loggedin Users # sensor.paloalto_global_protect_version: # friendly_name: VPN Software Version # sensor.paloalto_logdb_version: # friendly_name: Log Db Version # sensor.paloalto_software_version: # friendly_name: Device Software Version # sensor.paloalto_core_temperature: # friendly_name: Core Temperature # sensor.paloalto_system_temperature: # friendly_name: System Temperature # sensor.paloalto_up_time: # friendly_name: Up Time # # Scripts # script.paloalto_clear_traffic_logs: # friendly_name: Clear Traffic Logs # script.paloalto_clear_threat_logs: # friendly_name: Clear Threat Logs # script.paloalto_clear_alarm_logs: # friendly_name: Clear Alarm Logs # script.paloalto_clear_authentication_logs: # friendly_name: Clear Authentication Logs # script.paloalto_clear_config_logs: # friendly_name: Clear Configuration Logs # script.paloalto_clear_system_logs: # friendly_name: Clear System Logs # script.paloalto_shutdown: # friendly_name: Shutdown Palo Alto Device # icon: mdi:power # script.paloalto_restart: # friendly_name: Restart Palo Alto Device # icon: mdi:restart # sensor: # - platform: paloalto # api_key: !secret paloalto_authkey # ip_address: !secret paloalto_hostip # ssl: True # verify_ssl: False # scan_interval: 60 # monitored_conditions: # - host_name # - up_time # - serial_no # - sw_version # - gp_version # - logdb_version # - operation_mode # - core_temp # - sys_temp # - gp_users # - gp_user_count # - loggedin_user_count # - loggedin_users # # # # All the URLs below use the following format # # For ex: paloalto_clear_traffic_logs: "curl -k 'https://192.xxx.xxx.xxx/api/?type=op&cmd=&key=YOUR_API_KEY'" # # Check out secrets.example file for additional details about the commands # # https://github.com/skalavala/smarthome/blob/master/secrets.example # # # shell_command: # paloalto_clear_traffic_logs: !secret paloalto_clear_traffic_logs # paloalto_clear_threat_logs: !secret paloalto_clear_threat_logs # paloalto_clear_alarm_logs: !secret paloalto_clear_alarm_logs # paloalto_clear_authentication_logs: !secret paloalto_clear_authentication_logs # paloalto_clear_config_logs: !secret paloalto_clear_config_logs # paloalto_clear_system_logs: !secret paloalto_clear_system_logs # paloalto_shutdown: !secret paloalto_shutdown # paloalto_restart: !secret paloalto_restart # script: # paloalto_clear_traffic_logs: # sequence: # - service: shell_command.paloalto_clear_traffic_logs # paloalto_clear_threat_logs: # sequence: # - service: shell_command.paloalto_clear_threat_logs # paloalto_clear_alarm_logs: # sequence: # - service: shell_command.paloalto_clear_alarm_logs # paloalto_clear_authentication_logs: # sequence: # - service: shell_command.paloalto_clear_authentication_logs # paloalto_clear_config_logs: # sequence: # - service: shell_command.paloalto_clear_config_logs # paloalto_clear_system_logs: # sequence: # - service: shell_command.paloalto_clear_system_logs # paloalto_shutdown: # sequence: # - service: shell_command.paloalto_shutdown # paloalto_restart: # sequence: # - service: shell_command.paloalto_restart # automation: # # # # Alerts me when someone logs into my VPN network # # This automation compares before and after state changes # # and alerts when someone logged in/out of VPN # # # - alias: Alert When Someone Logged into VPN # initial_state: true # hide_entity: true # trigger: # - platform: state # entity_id: sensor.paloalto_global_protect_users # condition: # - condition: template # value_template: '{{ trigger.from_state.state | lower != trigger.to_state.state | lower }}' # action: # - service: script.notify_me # data_template: # message: >- # {% set before = trigger.from_state.state %} # {% set after = trigger.to_state.state %} # {% macro loggedIn(beforeList, afterList) %} # {%- for user in afterList if user != 'None' and user not in beforeList%} # {%- if loop.first %}{% elif loop.last %} and{% else %},{% endif -%} # {{- user }} # {%- endfor %} # {%- endmacro %} # {% macro loggedOut(beforeList, afterList) %} # {%- for user in beforeList if user != 'None' and user not in afterList %} # {%- if loop.first %}{% elif loop.last %} and{% else %},{% endif -%} # {{- user }} # {%- endfor %} # {%- endmacro %} # {%- macro checkUsers(beforeList, afterList) -%} # {%- set loggedInUsers = loggedIn(beforeList, afterList) -%} # {%- set loggedOutUsers = loggedOut(beforeList, afterList) -%} # {%- if loggedInUsers | trim != "" -%} # Alert! {{- loggedInUsers | title }} just logged into your Web VPN. # {%- endif -%} # {%- if loggedOutUsers | trim != "" %} # {{- loggedOutUsers |title }} just logged out of your Web VPN. # {% endif %} # {%- endmacro -%} # {{ checkUsers(before.split(','), after.split(',')) }} # # # # Alerts me when someone logs into my firewall. # # This automation compares before and after state changes # # and alerts when someone logged in/out of Firewall # # # - alias: Alert When Someone Logged into Firewall # initial_state: true # hide_entity: true # trigger: # - platform: state # entity_id: sensor.paloalto_loggedin_users # condition: # - condition: template # value_template: '{{ trigger.from_state.state | lower != trigger.to_state.state | lower }}' # action: # - service: script.notify_me # data_template: # message: >- # {% set before = trigger.from_state.state %} # {% set after = trigger.to_state.state %} # {% macro loggedIn(beforeList, afterList) %} # {%- for user in afterList if user != 'None' and user not in beforeList%} # {%- if loop.first %}{% elif loop.last %} and{% else %},{% endif -%} # {{- user }} # {%- endfor %} # {%- endmacro %} # {% macro loggedOut(beforeList, afterList) %} # {%- for user in beforeList if user != 'None' and user not in afterList %} # {%- if loop.first %}{% elif loop.last %} and{% else %},{% endif -%} # {{- user }} # {%- endfor %} # {%- endmacro %} # {%- macro checkUsers(beforeList, afterList) -%} # {%- set loggedInUsers = loggedIn(beforeList, afterList) -%} # {%- set loggedOutUsers = loggedOut(beforeList, afterList) -%} # {%- if loggedInUsers | trim != "" -%} # Alert! {{- loggedInUsers | title }} just logged into your Palo Alto Firewall. # {%- endif -%} # {%- if loggedOutUsers | trim != "" %} # {{- loggedOutUsers |title }} just logged out of your Palo Alto Firewall. # {% endif %} # {%- endmacro -%} # {{ checkUsers(before.split(','), after.split(',')) }} # # # # Palo Alto PA-200 device sucks ass in terms of its disk space! # # A work around would be to clear traffic logs periodically # # This automation runs every hour and clears traffic log/log files # # # - alias: Clear Traffic Logs # initial_state: True # hide_entity: True # trigger: # - platform: time_pattern # hours: '/1' # minutes: 00 # action: # - service: script.paloalto_clear_traffic_logs