SafeNetworking

Enrich Palo Alto Networks firewall logs with advanced threat intelligence from AutoFocus. Correlate DNS queries, IoT threats, and network events with known malware signatures in real-time.

Threat Intelligence

Quick Start

Get SafeNetworking up and running in minutes

1. Install dependencies

SafeNetworking requires Python 3.6+, Elasticsearch, Logstash, and Kibana. Install the Python dependencies:

    python3.6 -m venv .env
    source .env/bin/activate
    pip install -r requirements.txt

2. Configure AutoFocus API

Create a .panrc configuration file in the project root with your AutoFocus API key:

    AUTOFOCUS_API_KEY = "your-api-key-here"

Get your AutoFocus API key from the Palo Alto Networks Customer Support Portal.

3. Run the setup script

Execute the installation script to configure ElasticStack components:

    sudo ./install/setup.sh

This configures Elasticsearch, Kibana, and Logstash pipelines for SafeNetworking.

4. Start SafeNetworking

Launch the application to begin processing threat events:

    ./sfn start

SafeNetworking will begin listening for syslog events and enriching them with threat intelligence.
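
The .panrc file from step 2 holds a live API credential, so it is worth checking before `./sfn start`. The following preflight check is an added example, not part of SafeNetworking: the function name `check_panrc`, the owner-only (0600) permission requirement, and the assumption that the key sits on a single `AUTOFOCUS_API_KEY = "..."` line as shown above are all choices made for this illustration.

```python
import os
import re
import stat
import sys

# Placeholder value shown in the quick start; a real key must replace it.
PLACEHOLDER = "your-api-key-here"
# Assumed format: one KEY = "value" line, quotes optional.
KEY_LINE = re.compile(r'^\s*AUTOFOCUS_API_KEY\s*=\s*(["\']?)(.*?)\1\s*$')


def check_panrc(path=".panrc"):
    """Return a list of problems with the file; an empty list means it passed."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    except FileNotFoundError:
        return [f"{path}: file not found"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file (symlink or special file)"]

    problems = []
    # Any group/other permission bit exposes the key to other local accounts.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:04o} is too open; run chmod 600")

    key = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            match = KEY_LINE.match(line)
            if match:
                key = match.group(2)  # last assignment wins
    if key is None:
        problems.append("AUTOFOCUS_API_KEY is not set")
    elif key in ("", PLACEHOLDER):
        problems.append("AUTOFOCUS_API_KEY still holds the placeholder value")
    return problems


if __name__ == "__main__":
    issues = check_panrc(sys.argv[1] if len(sys.argv) > 1 else ".panrc")
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it from the project root; a non-zero exit status means the file should be fixed before starting the service. Keeping .panrc out of version control is a further precaution the check does not cover.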

Explore SafeNetworking

Discover key features and capabilities

DNS Threat Enrichment

Correlate DNS queries with AutoFocus threat intelligence to identify malicious domains and C&C channels.

IoT Threat Detection

Detect IoT botnets and compromised devices using honeypot intelligence feeds.

Architecture Overview

Understand how SafeNetworking integrates with your network infrastructure and threat feeds.

CLI Reference

Complete command-line reference for managing SafeNetworking operations.

Key Features

Real-Time Event Processing

Multi-threaded background workers process threat events as they arrive, enriching them with malware intelligence and confidence scores.

Elasticsearch Integration

Store and query enriched threat events using Elasticsearch with pre-configured Kibana dashboards for visualization.

AutoFocus Integration

Leverage Palo Alto Networks’ AutoFocus threat intelligence cloud to identify malware campaigns, actors, and families.

Service Provider Ready

Built for service providers with support for GTP/SCTP logging, multi-tenant deployments, and high-volume event processing.

Ready to secure your network?

Start enriching your firewall logs with threat intelligence from AutoFocus and gain visibility into malicious activity across your network.