Log Forwarding Profile not selected for a Palo Alto Networks device security policy rule
Description
This policy detects whether all security policy rules in Palo Alto Networks devices are associated with a Log Forwarding Profile. These profiles are essential for monitoring, troubleshooting, and auditing, as they determine which logs are forwarded and their destination for analysis and storage.
Code Example
```yaml
- name: Example
  tasks:
    - name: Example
      paloaltonetworks.panos.panos_security_rule:
        ...
+       log_setting: 'default'
```
Remediation
Palo Alto Networks
- Resource: panos_security_rule
- Attribute: log_setting
To mitigate this issue, ensure that the `log_setting` attribute of every `panos_security_rule` resource is defined and names an existing Log Forwarding Profile. With that in place, the traffic logs generated by each rule are captured and forwarded to the configured destination, so the rule's activity can be monitored and analysed.
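As an added example (it is not Checkov's implementation and not code from this page), the following Python checker applies the same rule as CKV_PAN_9 to an Ansible playbook. It assumes the playbook has already been parsed into Python objects, the shape `yaml.safe_load` returns; the two module names are the real short and fully-qualified names of the Ansible module, while the task names and the sample playbook are constructed for the example. It treats a missing, `None` or empty `log_setting` as a failure and also looks inside `block:` groupings, which a check that only walks the top-level task list would miss.

```python
"""Flag panos_security_rule tasks that have no Log Forwarding Profile.

Added example in the spirit of CKV_PAN_9; not Checkov's own code.
Assumes the playbook is already parsed into Python objects
(the structure yaml.safe_load produces for an Ansible playbook).
"""

# Short name and fully-qualified collection name of the same module.
RULE_MODULES = {
    "panos_security_rule",
    "paloaltonetworks.panos.panos_security_rule",
}


def has_log_forwarding(params):
    """True only when log_setting names a profile (a non-empty string)."""
    value = params.get("log_setting")
    return isinstance(value, str) and value.strip() != ""


def _expand(task):
    """Yield the leaf tasks of a task, descending into block/rescue/always."""
    if "block" in task:
        for key in ("block", "rescue", "always"):
            for inner in task.get(key) or []:
                yield from _expand(inner)
    else:
        yield task


def iter_tasks(play):
    """Yield every leaf task from pre_tasks, tasks and post_tasks of a play."""
    for section in ("pre_tasks", "tasks", "post_tasks"):
        for task in play.get(section) or []:
            yield from _expand(task)


def check_playbook(playbook):
    """Return [(task_name, "PASSED" | "FAILED")] for each security-rule task."""
    findings = []
    for play in playbook:
        for task in iter_tasks(play):
            for module in RULE_MODULES:
                if module in task:
                    params = task[module] or {}
                    verdict = "PASSED" if has_log_forwarding(params) else "FAILED"
                    findings.append((task.get("name", "<unnamed>"), verdict))
    return findings


# Constructed sample playbook (parsed form); task and rule names are made up.
SAMPLE_PLAYBOOK = [
    {
        "name": "Example",
        "hosts": "firewalls",
        "tasks": [
            {   # log_setting absent: FAILED
                "name": "allow-web-no-logging",
                "paloaltonetworks.panos.panos_security_rule": {
                    "rule_name": "allow-web",
                    "action": "allow",
                },
            },
            {   # empty string is not a profile: FAILED
                "name": "allow-dns-empty-profile",
                "panos_security_rule": {
                    "rule_name": "allow-dns",
                    "log_setting": "",
                },
            },
            {   # profile named, as in the remediation above: PASSED
                "name": "allow-ssh-logged",
                "paloaltonetworks.panos.panos_security_rule": {
                    "rule_name": "allow-ssh",
                    "log_setting": "default",
                },
            },
            {   # nested inside a block: still inspected
                "name": "block-wrapper",
                "block": [
                    {
                        "name": "deny-all-logged",
                        "panos_security_rule": {
                            "rule_name": "deny-all",
                            "action": "deny",
                            "log_setting": "default",
                        },
                    }
                ],
            },
        ],
    }
]


if __name__ == "__main__":
    for name, result in check_playbook(SAMPLE_PLAYBOOK):
        print(f"{result}: {name}")
```

Run as a script it prints one line per rule task; wired into a pre-commit hook it can reject a playbook whenever any finding is `FAILED`, which is the point at which a rule without forwarding is cheapest to catch.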
Secure Code Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1291 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Ansible |
| Checkov ID | CKV_PAN_9 |