SNMPv2c/v1 used-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
As SNMPv2 is not very secure, Indeni will alert if it is used.

Remediation Steps:
Configure SNMPv3 instead.

How does this work?
This script pulls the Palo Alto Networks firewall’s active configuration and extracts the configured services from there.

Why is this important?
SNMPv2c is an insecure protocol and should not be used. Users should prefer the more secure SNMPv3.

Without Indeni how would you find this?
An administrator may write a script to pull this data from devices and compare against a gold configuration.
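As an added illustration of the two paragraphs above (not Indeni's own parser or script), the following shows what such an administrator script looks like: it reads a running config, derives the same "unencrypted-snmp-configured" metric the rule below evaluates, and compares the result against a gold configuration. The XML samples are constructed, and their layout (the deviceconfig/system/snmp-setting subtree) is an assumption modelled on PAN-OS, not quoted from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a PAN-OS running config; the layout is an assumption
# modelled on the deviceconfig/system/snmp-setting subtree, not taken from the page.
SAMPLE_V2C = """<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system><snmp-setting><access-setting><version>
    <v2c><snmp-community-string>public</snmp-community-string></v2c>
  </version></access-setting></snmp-setting></system></deviceconfig>
</entry></devices></config>"""

SAMPLE_V3 = """<config><devices><entry name="localhost.localdomain">
  <deviceconfig><system><snmp-setting><access-setting><version>
    <v3><users><entry name="monitor"><authpwd>x</authpwd><privpwd>y</privpwd></entry></users></v3>
  </version></access-setting></snmp-setting></system></deviceconfig>
</entry></devices></config>"""

# Path from <config> down to the element whose children name the enabled SNMP versions.
VERSION_PATH = "./devices/entry/deviceconfig/system/snmp-setting/access-setting/version"

# Gold configuration: what every device is expected to report.
GOLD = {"v2c": False, "v3": True}

def snmp_versions(config_xml: str) -> dict:
    """Which SNMP access versions the running config enables (v2c covers the
    community-string access the rule flags as v2c/v1)."""
    root = ET.fromstring(config_xml)
    found = {"v2c": False, "v3": False}
    for version in root.findall(VERSION_PATH):
        for child in version:
            if child.tag in found:
                found[child.tag] = True
    return found

def unencrypted_snmp_configured(config_xml: str) -> str:
    """Equivalent of the rule's 'unencrypted-snmp-configured' metric ('true'/'false')."""
    return "true" if snmp_versions(config_xml)["v2c"] else "false"

def audit(device: str, config_xml: str) -> list:
    """Deviations from GOLD for one device, worded like the rule's alert."""
    versions = snmp_versions(config_xml)
    findings = []
    if versions["v2c"] != GOLD["v2c"]:
        findings.append(f"WARN {device}: SNMPv2c/v1 used. Configure SNMPv3 instead.")
    if versions["v3"] != GOLD["v3"]:
        findings.append(f"WARN {device}: SNMPv3 not configured.")
    return findings
```

Feed `audit()` the output of the device's running-config export for each firewall; an empty list means the device matches the gold configuration.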

panos-show_config_running-monitoring-xml

Parser source: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-config-running-m/show-config-running-m.ind.yaml

cross_vendor_snmp_v2

// Deprecation warning: Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
import com.indeni.server.rules.RemediationStepCondition
import com.indeni.server.rules.library.RuleHelper

/**
  * Raises a WARN alert when the most recent "unencrypted-snmp-configured" snapshot
  * value for a device is "true", i.e. SNMPv2c/v1 access is configured.
  */
case class cross_vendor_snmp_v2() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_snmp_v2",
  ruleFriendlyName = "All Devices: SNMPv2c/v1 used",
  ruleDescription = "As SNMPv2 is not very secure, Indeni will alert if it is used.",
  severity = AlertSeverity.WARN,
  metricName = "unencrypted-snmp-configured",
  alertDescription = "Older versions of SNMP do not use encryption. This could potentially allow an attacker to obtain valuable information about the infrastructure.",
  baseRemediationText = "Configure SNMPv3 instead.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("true"), SnapshotExpression("unencrypted-snmp-configured").asSingle().mostRecent().value().noneable)
)(RemediationStepCondition.VENDOR_F5 -> "Review https://support.f5.com/csp/article/K13625")