SafeNetworking is a software application that recevies events (DNS queries to known, malicious domains) from Palo Alto Networks NGFWs. Using the Palo Alto Networks Threat Intelligence Cloud, SafeNetworking is able to correlate these DNS queries with malware known to be associated with the domain in question. SafeNetworking utilizes ElasticStack's open-source version to gather, store and visualize these enriched events.

For a more detailed introduction to SafeNetworking, see What is SafeNetworking?
For the latest information and release specific notes view the release notes

NOTE: If you already have an ElasticStack cluster (i.e. ElasticCloud or a local install) skip to step 2

1.) Infrastructure Setup Instructions

2.) Install SafeNetworking

3.) Configure SafeNetworking for your installation

4.) NGFW Configuration

5.) Running SafeNetworking

Post install

SafeNetworking should now be running and processing events. You will need to perfrom some minor post install setup in Kibana for the visualizations and dashboards. Kibana setup for SafeNetworking

Best Practices and Optional Configuration

You should be all set. For even more ideas on what you can do with the system and other things that you can download and install to get the most out of SafeNetworking, checkout the Wiki!!