--- Explanation ---
- This script retrieves the botnet report from a Palo Alto Networks firewall through the XML API, filters it by the confidence level you configure, and mails you the result.
- Use cron (Linux/Mac) or Task Scheduler (Windows) to run this script regularly.
- This script uses PEAR (PHP Extension and Application Repository), so you need to install PEAR in advance.
- The notification email (subject and body) can be customized to your preferred format.
- Execution results are logged in "system.log".
- The daily botnet report is archived, if one exists.
--- Limitation ---
- The device that runs the script must be able to reach the Palo Alto Networks firewall directly over HTTPS (or HTTP). HTTPS/HTTP communication through a proxy server is not supported.
- Email notification was tested on some SMTP servers. Most SMTP servers should work, but you need to adjust the mailout.php script to your SMTP server environment.