SNMP configured with default community public/private-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if any SNMP community is set to “public” or “private”.

Remediation Steps:
If SNMPv2 has to be used, use a random community string that is hard to guess. If possible, switch to SNMPv3 instead, which uses a username and password instead of a single community string.

How does this work?
This alert uses the Palo Alto Networks API to parse the SNMP Trap profiles and alerts the admin if a community name is set to “PUBLIC” or “PRIVATE”.
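
The same check sketched in Python, as an added example that is not Indeni's own parser. It assumes the response to the `/config/shared/log-settings/snmptrap` query has the layout shown in the constructed sample, and it compares case-insensitively because the page quotes the names in both cases; `find_default_communities` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed sample response (not captured from a device). The element
# layout is an assumption about what the snmptrap xpath returns.
SAMPLE_RESPONSE = """\
<response status="success"><result><snmptrap>
  <entry name="noc-traps"><version><v2c><server>
    <entry name="collector-1">
      <manager>192.0.2.10</manager><community>PUBLIC</community>
    </entry>
    <entry name="collector-2">
      <manager>192.0.2.11</manager><community>k7Qd-constructed-value</community>
    </entry>
  </server></v2c></version></entry>
  <entry name="v3-traps"><version><v3><server>
    <entry name="collector-3"><manager>192.0.2.12</manager><user>trapuser</user></entry>
  </server></v3></version></entry>
</snmptrap></result></response>
"""


def find_default_communities(xml_text):
    """Return (profile, server, community) for every default community found."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call did not succeed: status=%r" % root.get("status"))
    findings = []
    for profile in root.findall("./result/snmptrap/entry"):
        # Search at any depth under the profile so the check does not depend
        # on the exact nesting of the version/server elements.
        for server in profile.iter("entry"):
            community = (server.findtext("community") or "").strip()
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append((profile.get("name"), server.get("name"), community))
    return findings


if __name__ == "__main__":
    for profile, server, community in find_default_communities(SAMPLE_RESPONSE):
        print("profile=%s server=%s uses default community %r" % (profile, server, community))
```

SNMPv3 profiles carry no community element, so they produce no finding.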

Why is this important?
If default SNMP communities such as “public” or “private” are configured, unauthorized clients could poll the device.

Without Indeni how would you find this?
Log in to the device’s web interface and click on “Device” -> “Server Profiles” -> “SNMP Trap”.

panos-snmp-trap-default-community

name: panos-snmp-trap-default-community
description: Make sure the Community names are not set with the default ones so that
    we can maintain unique community strings and have no conflicts in the network
    with multiple SNMP services being used.
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    snmp-communities:
        why: |
            If the default SNMP communities are configured, like "public" or "private" it could allow unauthorized clients to poll the device.
        how: |
            This alert uses the Palo Alto Networks API interface to parse through SNMP Trap profiles and alert the admin if the community name is set to "PUBLIC" or "PRIVATE".
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /api/?type=config&action=get&xpath=/config/shared/log-settings/snmptrap&key=${api-key}
    parse:
        type: XML
        file: panos-snmp-trap-default-community.parser.1.xml.yaml

cross_vendor_snmp_communities_default
