se-cloud-emea/prisma-cnns
prisma-cnns

Prisma Cloud CNNS initiatives, deployment scripts and materials.

I. Microsegmentation firewall rules generator

Demo

(demo video)

Procedure

Version 1.0 of the script targets a greenfield scenario: the generated policy replaces the current rule set. Appending generated rules to existing entries is planned for the next release.

The procedure for generating CNNF/CNNS microsegmentation rules from Prisma Cloud observations is as follows.

Step 0. Back up the existing firewall rules.

Export the current policy at Compute > Defend > CNNF/CNNS > Export icon.

The configuration can be reverted at any time by re-importing this backup. Note that an imported policy overwrites the existing one, so keep the backup until the new rules are verified.

DO NOT SHARE the exported CSV file publicly: it contains the token!

Step 1. Add an any-to-any observation rule.

Upload the file cnns-initial-policy.json at Compute > Defend > CNNF/CNNS > Import icon, or configure the monitoring rule manually.

Step 2. Wait for observation results.

Check over time whether the counters are increasing at Compute > Monitor > Events > CNNF/CNNS for containers. Observe for long enough to cover the application's full traffic pattern (batch jobs, health checks, periodic syncs); a flow that never occurred during the observation window will not get a rule.

Step 3. Export the audit logs to a CSV file.

Download the CSV file from Compute > Monitor > Events > CNNF/CNNS for containers > CSV icon.

Step 4. Use the generator script to transform the audit logs into firewall rules.

You can run the rule generator either as a Jupyter notebook or as a Python script. Both require the pandas Python library, which is included with future data-science and ML use cases in mind.

4.1 Use the Jupyter notebook cnns-events2rules-v1.0.ipynb to generate rules.

By default the produced rules are in Alert mode; this can be changed to Allow.

Set your file names:

file_in = "INSERT_FILE_NAME.csv"
file_result = "INSERT_FILE_NAME.json"

Choose the rule effect (available values: "allow", "alert" or "prevent"; the default is "alert"):

rule_effect = "alert"

Run the notebook.

4.2 Use the Python script cnns-gen.py, which is derived from the Jupyter notebook and parametrized with command-line arguments.

The default script arguments are: RULE_EFFECT = "alert", INPUT = "in.csv", OUTPUT = "out.json"

Run the script with the default settings or pass your own argument values.

python cnns-gen.py -h
usage: cnns-gen.py [-h] [-e RULE_EFFECT] [-i INPUT] [-o OUTPUT]

CNNF/CNNS firewall rules generator v1.0

optional arguments:
  -h, --help            show this help message and exit
  -e RULE_EFFECT, --rule_effect RULE_EFFECT
                        rule effect (default: alert)
  -i INPUT, --input INPUT
                        image input (default: in.csv)
  -o OUTPUT, --output OUTPUT
                        image output (default: out.json)

Example script usage:

python cnns-gen.py -e allow -i twistlock_firewall_network_container_audit_11_11_22_11_26_05.csv -o fw-rules-to-be-imported.json

Step 5. Import the JSON output file into CNNF/CNNS.

Import the output file at Compute > Defend > CNNF/CNNS > Import icon.

Expect roughly 10 seconds per 150 rules for the Console to finish and confirm the import.

The screenshot below shows rules being imported into CNNF in the self-hosted Console; the same applies to CNNS in the SaaS Console.

Collections are configured by the same import.
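The following is an added illustration of what steps 3 to 5 amount to in code; it is not the project's cnns-gen.py or notebook. It collapses observed audit events into one rule per (source image, destination image) pair, merging repeated events and collecting every observed destination port, and validates the rule effect against the three values documented above. The CSV column names (src_image, dst_image, dst_port, count), the sample events and the JSON rule layout are assumptions: map the columns to the headers in your Console's CSV export, and take the rule schema from a policy exported with the Export icon. It uses only the standard library rather than pandas so it runs without extra dependencies; the command-line flags mirror the ones shown for cnns-gen.py.

```python
import argparse
import csv
import io
import json
from collections import defaultdict

# Rule effects the README documents for the generator.
RULE_EFFECTS = ("allow", "alert", "prevent")

# Assumed column headers. The Console's CSV export may use different names;
# map them here before running this on a real file.
SRC_COL, DST_COL, PORT_COL, COUNT_COL = "src_image", "dst_image", "dst_port", "count"

# Constructed sample of audit events (not a real export): the same flow is
# reported several times, and one flow uses a second port.
SAMPLE_CSV = """src_image,dst_image,dst_port,count
shop/frontend:1.2,shop/api:3.0,8080,143
shop/frontend:1.2,shop/api:3.0,8080,22
shop/api:3.0,shop/db:14,5432,91
shop/api:3.0,shop/cache:7,6379,18
shop/frontend:1.2,shop/api:3.0,8443,3
"""


def _port_key(port):
    # Sort numeric ports numerically; keep anything else (e.g. "any") last.
    return (0, int(port)) if port.isdigit() else (1, port)


def events_to_rules(csv_text, rule_effect="alert"):
    """Collapse observed flows into one rule per (source, destination) pair.

    Returns a dict with a "rules" list. The rule layout (name/src/dst/ports/
    effect/observed) is an assumed illustration, not the Console's import schema.
    """
    if rule_effect not in RULE_EFFECTS:
        raise ValueError(f"rule effect must be one of {RULE_EFFECTS}, got {rule_effect!r}")

    ports = defaultdict(set)      # (src, dst) -> set of observed destination ports
    observed = defaultdict(int)   # (src, dst) -> number of audit events behind the rule
    for row in csv.DictReader(io.StringIO(csv_text)):
        src = (row.get(SRC_COL) or "").strip()
        dst = (row.get(DST_COL) or "").strip()
        port = (row.get(PORT_COL) or "").strip()
        if not (src and dst and port):
            continue  # incomplete event: nothing safe to allowlist
        ports[(src, dst)].add(port)
        observed[(src, dst)] += int(row.get(COUNT_COL) or 1)

    rules = []
    for i, (src, dst) in enumerate(sorted(ports), start=1):
        rules.append({
            "name": f"generated-{i:03d}",
            "src": {"images": [src]},
            "dst": {"images": [dst]},
            "ports": ",".join(sorted(ports[(src, dst)], key=_port_key)),
            "effect": rule_effect,
            # Event count kept so a reviewer can spot rules backed by very few observations.
            "observed": observed[(src, dst)],
        })
    return {"rules": rules}


def main():
    # Same flags as the README shows for cnns-gen.py.
    ap = argparse.ArgumentParser(description="CNNF/CNNS rule generator (illustrative)")
    ap.add_argument("-e", "--rule_effect", default="alert", choices=RULE_EFFECTS)
    ap.add_argument("-i", "--input", default="in.csv")
    ap.add_argument("-o", "--output", default="out.json")
    args = ap.parse_args()
    with open(args.input, newline="") as f:
        policy = events_to_rules(f.read(), args.rule_effect)
    with open(args.output, "w") as f:
        json.dump(policy, f, indent=2)
    print(f"wrote {len(policy['rules'])} rules to {args.output}")


if __name__ == "__main__":
    main()
```

On the constructed sample this yields three rules: the five events collapse to three source/destination pairs, and the frontend-to-api rule carries both observed ports (8080 and 8443) with 168 events behind it. Review low-count rules before importing them with effect "allow": a single observation may be a probe rather than legitimate traffic.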
