PAN-OS + Steampipe

Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.

PAN-OS is the operating system for Palo Alto Networks NGFWs and Panorama.

Example query:

select
  name,
  value,
  description
from
  panos_address_object
order by
  name;

+----------+-----------------+-------------------------+
| name     | value           | description             |
+----------+-----------------+-------------------------+
| localnet | 192.168.80.0/24 | The 192.168.80 network. |
+----------+-----------------+-------------------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest PAN-OS plugin:

steampipe plugin install panos

Configuration

Installing the latest panos plugin will create a config file (~/.steampipe/config/panos.spc) with a single connection named panos:

connection "panos" {
  plugin = "panos"
  
  # hostname to connect to 
  # hostname = "127.0.0.1"
  
  # api key to use for connection
  # api_key = "secret"
  
  # Username/Password combination to use for the connection. Ignored if 'api_key' is set
  # username = "username"
  # password = "password"
  
  # Request timeout (in seconds) for calls to the endpoint. Defaults to 10. Increase this if the endpoint may return
  # a high number of resources
  # timeout = 10
}

Environment variables are also available as an alternate configuration method:

PANOS_HOSTNAME
PANOS_API_KEY
PANOS_USERNAME
PANOS_PASSWORD

Note: If api_key or PANOS_API_KEY is used, then username / PANOS_USERNAME and password / PANOS_PASSWORD are ignored.

Postgres FDW

This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- panos

The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.

To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.

CREATE EXTENSION IF NOT EXISTS steampipe_postgres_panos;
CREATE SERVER steampipe_panos FOREIGN DATA WRAPPER steampipe_postgres_panos OPTIONS (config '<your_config>');
CREATE SCHEMA panos;
IMPORT FOREIGN SCHEMA panos FROM SERVER steampipe_panos INTO panos;

SQLite Extension

This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- panos

The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.

To configure the SQLite extension, load the extension module and then run the steampipe_configure_panos function to configure it with plugin-specific options.

$ sqlite3
sqlite> .load ./steampipe_sqlite_extension_panos.so
sqlite> select steampipe_configure_panos('<your_config>');

Export

This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- panos

You can pass the configuration to the command with the --config argument:

steampipe_export_panos --config '<your_config>' <table_name>