Palo Alto PAN-OS

This document provides the steps required to configure the Palo Alto PAN-OS Inspector.


Quick Details

Recommended Agent: Self-Managed
Supported Agents: Self-Managed
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Inspection via: API
Data Summary: Here


The Palo Alto Inspector uses the Pan-OS XML API. Please reference Palo Alto's documententation for more information.

Inspector Setup Preparation

Gather the Pan-OS API Key

The only way to gather the Pan-OS API key is to make an API request. You can use any BASH shell or Putty to accomplish this.

  1. Input the username, password, and IP parameters in the script, then run this in the shell.


Passwords with Special Characters

If your Pan-OS password contains special characters, it is possible that the API request will fail. This is caused because certain characters are reserved for the URI call.

To workaround this issue, you will need to encode the password within the URL string. Please see Palo Alto's documentation.

[The Pan-OS documentation](( provides further information about acquiring the API key.


curl -X GET "https://$IP/api/?type=keygen&user=$USERNAME&password=$PASSWORD"

Liongard Inspector Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the Palo Alto Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System should be associated with
  • Friendly Name: Suggested "Palo Alto [Environment Name]"
  • Agent: Select the On-premises Agent or Self-Hosted Agent installed for this Environment
  • Inspector Version: Latest
  • IP/Host Name: IP or Host Name used to access the device
  • Token: API user token from Palo Alto API user.
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute.