Palo Alto Traps Sandbox

52 Launches
Solution Overview
WWT's Palo Alto Traps Lab exists to provide a sandbox environment that can be used to evaluate the Palo Alto solution suite across a wide variety of endpoints, including both Windows and Unix-based operating systems. There is also an attack machine, running Kali Linux, with which to test the efficacy of these tools using benign, non-weaponized malware. 
Palo Alto Networks Traps endpoint protection and response stops threats and coordinates enforcement with network and cloud security to prevent successful cyberattacks. Traps blocks known and unknown malware, exploits, and ransomware by observing attack techniques and behaviors. Additionally, it enables organizations to automatically detect and respond to sophisticated attacks by using machine learning and artificial intelligence (AI) techniques with data collected on the endpoint, network and cloud. 
You will access the environment using a Windows-based jumphost from which you can browse web consoles, open RDP/SSH sessions, etc. See topology diagram above and to the right.

Goals & Objectives

The purpose of the sandbox lab is to help you develop proficiency in deploying, managing and monitoring the Palo Alto Traps solution. The lab guide provides a flexible framework for evaluating the solution, its installation and behavior in a sample customer environment.

The lab environment will allow you to:
  • Access the ESA baseline sandbox environment.
  • Login to the cloud-based portal.
  • Navigate the portal's interface and workflow.
  • Deploy agents on Windows systems.
  • Deploy agents on Linux systems.

Hardware & Software

 This lab consists of the following hardware and software:
  • Palo Alto Traps (current version).
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7). 
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).
Client Devices 
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).