DataDog · AlexandreYang · Jan 5, 2022 · Dec 27, 2021 · Dec 28, 2021 · Dec 28, 2021
@@ -3,6 +3,15 @@
 # https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/snmp-monitoring-and-traps/supported-mibs/pan-common-mibmy.html#idaeaa4a59-0bf4-4f66-90cf-9c0096c6f8a4
 # https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/9-1/pan-os-admin/pan-os-admin.pdf
 
+# Example sysDescr:
+#  - Palo Alto Networks VM-Series firewall
+#  - Palo Alto Networks PA-220 series firewall
+#  - Palo Alto Networks PA-800 series firewall
+#  - Palo Alto Networks PA-3200 series firewall
+#  - Palo Alto Networks WildFire Appliance
+#  - Palo Alto Networks PA-800 series firewall
+#  - Palo Alto Networks PA-3000 series firewall
+
 extends:
   - _base.yaml
   - _generic-if.yaml
@@ -15,7 +24,53 @@ extends:
 device:
   vendor: "paloaltonetworks"
 
-sysobjectid: 1.3.6.1.4.1.25461.*
+# All Palo Alto Networks sysObjectID start with `1.3.6.1.4.1.25461.2.3` (panMibs)
+sysobjectid: 1.3.6.1.4.1.25461.2.3.*
+
+# Note related to use of index `1` of entPhysicalTable columns:
+# Based on snmpwalks of Palo Alto Networks devices, the main/chassis hardware have the index `1`
+# Librennms is also using index `1`: https://github.com/librenms/librenms/blob/1ac60e3b1d90616119f3c4adc28213e3c35c2477/includes/definitions/discovery/arista_eos.yaml#L4
+metadata:
+  device:
+    fields:
+      vendor:
+        value: "paloaltonetworks"
+      serial_number:
+        symbol:
+          OID: 1.3.6.1.4.1.25461.2.1.2.1.3.0
+          name: panSysSerialNumber # The serial number of the unit. If not available, an empty string is returned.
+      version:
+        symbol:
+          OID: 1.3.6.1.4.1.25461.2.1.2.1.1.0
+          name: panSysSwVersion # Full software version. The first two components of the full version are the major
+                                # and minor versions. The third component indicates the maintenance release number
+                                # and the fourth, the build number.
+      product_name:
+        symbol:
+          OID: 1.3.6.1.2.1.1.1.0
+          name: sysDescr
+          match_pattern: 'Palo Alto Networks\s+(PA-\d+ series firewall|WildFire Appliance|VM-Series firewall)'
+          match_value: '$1'
+          # Examples:
+          #  - Palo Alto Networks VM-Series firewall
+          #  - Palo Alto Networks PA-3200 series firewall
+          #  - Palo Alto Networks WildFire Appliance
+      model:
+        symbol:
+          OID: 1.3.6.1.4.1.25461.2.1.2.2.1.0
+          name: panChassisType
+          # Examples:
+          #  - PA-3020
+      os_name:
+        # "PAN‑OS® is the software that runs all Palo Alto Networks® next-generation firewalls."
+        # Source https://docs.paloaltonetworks.com/pan-os.html
+        value: 'PAN-OS'
+      os_version:
+        symbol:
+          OID: 1.3.6.1.4.1.25461.2.1.2.1.1.0
+          name: panSysSwVersion # Full software version. The first two components of the full version are the major
+                                # and minor versions. The third component indicates the maintenance release number
+                                # and the fourth, the build number.
 
 metrics:
   #

@@ -1,4 +1,23 @@
-1.3.6.1.2.1.1.2.0|6|1.3.6.1.4.1.25461.1.2
+1.3.6.1.2.1.1.1.0|4|Palo Alto Networks PA-3000 series firewall
+1.3.6.1.2.1.1.2.0|6|1.3.6.1.4.1.25461.2.3.18
+1.3.6.1.2.1.47.1.1.1.1.1.1|2|1
+1.3.6.1.2.1.47.1.1.1.1.2.1|4|PA-3020
+1.3.6.1.2.1.47.1.1.1.1.3.1|6|1.3.6.1.4.1.25461.2.3.18
+1.3.6.1.2.1.47.1.1.1.1.4.1|2|0
+1.3.6.1.2.1.47.1.1.1.1.5.1|2|3
+1.3.6.1.2.1.47.1.1.1.1.6.1|2|-1
+1.3.6.1.2.1.47.1.1.1.1.7.1|4|PA-3020
+1.3.6.1.2.1.47.1.1.1.1.8.1|4|1.1
+1.3.6.1.2.1.47.1.1.1.1.9.1|4|
+1.3.6.1.2.1.47.1.1.1.1.10.1|4|9.0.5
+1.3.6.1.2.1.47.1.1.1.1.11.1|4|
+1.3.6.1.2.1.47.1.1.1.1.12.1|4|Palo Alto Networks
+1.3.6.1.2.1.47.1.1.1.1.13.1|4|PA-3020
+1.3.6.1.2.1.47.1.1.1.1.14.1|4|
+1.3.6.1.2.1.47.1.1.1.1.15.1|4|
+1.3.6.1.2.1.47.1.1.1.1.16.1|2|2
+1.3.6.1.2.1.47.1.1.1.1.17.1|4|0000000000000000
+1.3.6.1.2.1.47.1.1.1.1.18.1|4|
 1.3.6.1.4.1.25461.1.1.7.1.1.1.0|2|23
 1.3.6.1.4.1.25461.1.1.7.1.1.2.0|2|29
 1.3.6.1.4.1.25461.1.1.7.1.2.1.1.1.8|2|19
@@ -36,13 +55,12 @@
 1.3.6.1.4.1.25461.1.1.7.1.4.1.1.1.19|2|24
 1.3.6.1.4.1.25461.1.1.7.1.4.1.1.1.27|2|10
 1.3.6.1.4.1.25461.1.1.7.1.4.1.1.1.29|2|11
-1.3.6.1.4.1.25461.2.1.2.1.1.0|4x|6b65707420717561696e746c7920717561696e746c79206f78656e206f78656e204a61646564
-1.3.6.1.4.1.25461.2.1.2.1.2.0|4x|666f72776172642064726976696e67206b657074206b65707420717561696e746c792064726976696e672064726976696e67204a61646564207a6f6d62696573
-1.3.6.1.4.1.25461.2.1.2.1.3.0|4x|6f78656e206b6570742061637465642061637465642064726976696e67207a6f6d6269657320627574206163746564
-1.3.6.1.4.1.25461.2.1.2.1.11.0|4x|4a6164656420616374656420666f7277617264206b657074
-1.3.6.1.4.1.25461.2.1.2.1.12.0|4x|7a6f6d62696573204a61646564207a6f6d62696573
-1.3.6.1.4.1.25461.2.1.2.1.13.0|4x|717561696e746c79207468656972206b657074206163746564
-1.3.6.1.4.1.25461.2.1.2.2.1.0|4x|6163746564207a6f6d6269657320746865697220746865697220717561696e746c79204a616465642064726976696e67204a61646564
+1.3.6.1.4.1.25461.2.1.2.1.1.0|4|9.0.5
+1.3.6.1.4.1.25461.2.1.2.1.3.0|4|015351000009999
+1.3.6.1.4.1.25461.2.1.2.1.11.0|4|active
+1.3.6.1.4.1.25461.2.1.2.1.12.0|4|passive
+1.3.6.1.4.1.25461.2.1.2.1.13.0|4|active-passive
+1.3.6.1.4.1.25461.2.1.2.2.1.0|4|PA-3020
 1.3.6.1.4.1.25461.2.1.2.3.1.0|2|16
 1.3.6.1.4.1.25461.2.1.2.3.2.0|2|1
 1.3.6.1.4.1.25461.2.1.2.3.3.0|2|13

@@ -387,3 +387,45 @@ def test_e2e_core_metadata_apc_ups(dd_agent_check):
         'version': '2.0.3-test',
     }
     assert_device_metadata(aggregator, device)
+
+
+def test_e2e_core_metadata_palo_alto(dd_agent_check):
+    config = common.generate_container_instance_config([])
+    instance = config['instances'][0]
+    instance.update(
+        {
+            'community_string': 'palo-alto',
+            'loader': 'core',
+        }
+    )
+
+    aggregator = dd_agent_check(config, rate=False)
+
+    device_ip = instance['ip_address']
+
+    device = {
+        'description': 'Palo Alto Networks PA-3000 series firewall',
+        'id': 'default:' + device_ip,
+        'id_tags': [
+            'device_namespace:default',
+            'snmp_device:' + device_ip,
+        ],
+        'ip_address': device_ip,
+        'model': 'PA-3020',
+        'os_name': 'PAN-OS',
+        'os_version': '9.0.5',
+        'product_name': 'PA-3000 series firewall',
+        'profile': 'palo-alto',
+        'serial_number': '015351000009999',
+        'status': 1,
+        'sys_object_id': '1.3.6.1.4.1.25461.2.3.18',
+        'tags': [
+            'device_namespace:default',
+            'device_vendor:paloaltonetworks',
+            'snmp_device:' + device_ip,
+            'snmp_profile:palo-alto',
+        ],
+        'vendor': 'paloaltonetworks',
+        'version': '9.0.5',
+    }
+    assert_device_metadata(aggregator, device)