nexpose_paloalto 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4031017be8639d09edbb9fef2ffb3ec43b21330e
-  data.tar.gz: f75c2a16d0ce151d132a77eaf11c9e3b377b2cbb
+  metadata.gz: c0af792eac7ae480fd8b3b64aafa83fbe1404dee
+  data.tar.gz: 2a45f4ccc434c1e6e6cf111215704e91219a3a93
 SHA512:
-  metadata.gz: 410ba9dfbe608b1465fdc6bd5967f561537e1ef3b36799ff9454d9440de7a3d708f68a80ba82112b68f88ac7196a6c5941d9f9ed6c0fea48a36a88980b4a9034
-  data.tar.gz: 3495a3363873daa1faa9fc2956262907d37f6e7122e1ae269094c41c01cce8f12f5d910df0cda6dc579b076d271699de2252779dee83b7be5935525f79c9866c
+  metadata.gz: 3fa81cb10b01533f4fbee535e9994656ff6b5d7f47d0deb93df354b65936cafaa7dd028903625957d6c53b6ad3b2d1552c3c5cd99ff80efb4e484736383ae955
+  data.tar.gz: be3c6a081d67b4d200a0e0f60ad7fd50dbad2628afa2e65fa173c214ef0f786b13f132806048e2401d33760efff5077715b2537088375afdc7c06feba1135573

data/README.md

@@ -2,14 +2,17 @@
 
 Nexpose -> Palo Alto integration Gem.
 
-With this Gem an integration between Nexpose Dynamic Asset Groups and Palo Alto's PAN TAGs. By using this integration,
-dynamic asset groups could be setup in Nexpose that correspond to groups in PAN with applicable policies.
-
-For example:
-* Create a DAG in Nexpose which affects a particular vulnerability (Heartbleed).
-* Define a policy in PAN to block SSL (mitigates temporarily Heartbleed).
-* Run this Gem with the Hearbleed DAG in the configuration.
-* All assets identified by Nexpose will be registered in PAN.
+This gem is an integration between Nexpose Dynamic Asset Groups and Palo 
+Alto's PAN Tags. By using this integration,
+dynamic asset groups could be setup in Nexpose that correspond to groups in PAN 
+with applicable policies.
+
+For example:  
+
+* Create a DAG in Nexpose which affects a particular vulnerability (Heartbleed).  
+* Define a policy in PAN to block SSL (mitigates temporarily Heartbleed).  
+* Run this gem with the Hearbleed DAG in the configuration.  
+* All assets identified by Nexpose will be registered in PAN.  
 * Apply PAN Heartbleed Policy on the created group.
 
 ## Installation
@@ -32,32 +35,81 @@ Or install it yourself as:
 
 Follow these steps once installed:
 
-* Modify the file nexpose_paloalto.rb under the bin folder, and add the DAGs to report on.
+* Modify the file nexpose_paloalto.config under the lib/paloalto/config folder, 
+and add the DAGs to report on. Sites can also be used.
+ 
+* Also include the port for the Nexpose console if it does not use the default 
+port.
 
-* Add the following Environment variables, with your respective information:
+* Add the following information to the configuration file, or set as environment
+ variables:
 
-NEXPOSE_URL
+	* NEXPOSE_URL (IP address or hostname)
 
-NEXPOSE_USERNAME
+	* NEXPOSE_USERNAME
 
-NEXPOSE_PASSWORD
+	* NEXPOSE_PASSWORD
 
+	* PAN_URL
 
-PAN_URL
+	* PAN_USERNAME
 
-PAN_USERNAME
+	* PAN_PASSWORD
 
-PAN_PASSWORD
 
+* Run the command 'nexpose_paloalto' under the bin folder.
 
-For Linux systems, make sure they are added to the current environment where the gem is run.
+* (Optional) Review the log file under the logs folder in the Gem path.
 
-For Windows systems, make sure they are on the Environment Variables section in your Control Panel.
+For any support requests, please email support@rapid7.com with a description of 
+the issue and any logs available.
 
-* Run the command 'nexpose_paloalto' under the bin folder.
+#### Notes on Environment Variables
+For Linux systems, make sure they are added to the current environment where 
+the gem is run.
 
-* (Optional) Review the log file under the logs folder in the Gem path.
+For Windows systems, make sure they are set within the environment variables 
+section in your Control Panel.  
+  
+
+## Encryption Settings
+
+The usernames and passwords within the configuration files are automatically 
+encrypted when the integration runs. The key and IV files used during 
+encryption/decryption are saved within the config folder by default.
+
+#### Setting Custom Locations for Encryption Files
+
+To set custom locations for the key and IV files, update the following values 
+within the encryption.config file:
+
+ - key_filename - The absolute path to where the key file will be created.
+ - iv_file - The absolute path to where the IV file will be created.
+
+To set a custom path after the integration has already executed, the files must 
+be moved to the new location manually.
+
+#### Encrypting the Configuration without running the Integration
+The Nexpose Paloalto integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use e.g for use in a cron-schedule. 
+ 
+The command to do so is:  
+```
+nexpose_paloalto -e
+```  
+or  
+```
+nexpose_paloalto --encrypt_config
+```
+
+
+## Changelog
+
+### 0.1.3
+
+User now has the option to configure the gem using a configuration file as well 
+as with environment variables. DAG and site selection has now been moved to the configuration file.
 
+Added an encryption configuration file. Usernames and passwords within the 
+configuration files are now encrypted when the application runs.
 
-For any support requests, please email support@rapid7.com with a description of the issue and any logs
-available.
+Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.

data/bin/nexpose_paloalto

@@ -1,40 +1,52 @@
 #!/usr/bin/env ruby
 require 'paloalto'
+require 'paloalto/utilities/config_parser'
+require 'paloalto/utilities/gem_options'
 
-# Obtain Nexpose settings from Environment Variables.
-nexpose_settings = Hash.new
-raise 'Must configure nexpose settings before starting' if ENV['NEXPOSE_URL'].nil? || ENV['NEXPOSE_USERNAME'].nil? || ENV['NEXPOSE_PASSWORD'].nil?
-nexpose_settings[:nexpose_url] = ENV['NEXPOSE_URL']
-nexpose_settings[:nexpose_username] = ENV['NEXPOSE_USERNAME']
-nexpose_settings[:nexpose_password] = ENV['NEXPOSE_PASSWORD']
-# User can change the port if Nexpose does not use port 3780
-nexpose_settings[:nexpose_port] = 3780
-
-# Obtain PAN's info.
-pan_settings = Hash.new
-raise 'Must configure Palo Alto settings before starting' if ENV['PAN_URL'].nil? || ENV['PAN_USERNAME'].nil? || ENV['PAN_PASSWORD'].nil?
-pan_settings[:pan_url] = ENV['PAN_URL']
-pan_settings[:pan_username] = ENV['PAN_USERNAME']
-pan_settings[:pan_password] = ENV['PAN_PASSWORD']
-
-# Nexpose options
-# Dynamic Asset Groups to use, separated by commas:
-# dag = [1, 2]
-dag = []
-
-# Sites to use. We recommend using DAGs, separated by commas:
-# sites = [1, 2]
-sites = []
-
-# Report Time_out. Leave default value of 10800.
-report_timeout = 10800
-
-# Do not edit below this line.
-# Check that everything is in place before we start it.
-raise 'Must configure a site or a dag before starting' if dag.empty? && sites.empty?
-nexpose_settings[:dag] = dag
-nexpose_settings[:sites] = sites
-nexpose_settings[:timeout] = report_timeout
+# Obtain Integration settings from Encrypted Configuration File.
+PA_CONFIG_PATH = File.join(File.dirname(__FILE__), 
+                          '../lib/paloalto/config/nexpose_paloalto.config')
+config_path = File.expand_path(PA_CONFIG_PATH)
+
+# Setup Logging
+Paloalto.enable_logging
+
+# Setup CLI Options
+GemOptions.create_parser
+          .with_banner_and_options('nexpose_paloalto')
+          .with_configuration_encryption([config_path])
+          .with_help_and_version('Nexpose PaloAlto', Paloalto::VERSION)
+          .parse
+
+service_data = ConfigParser.get_config(config_path)
+
+# Setup Logging
+Paloalto.enable_logging
+
+# Use ENV instead of configuration options if they are set
+nexpose_settings = Paloalto.set_variables(service_data[:nexpose_options])
+pan_settings = Paloalto.set_variables(service_data[:pan_options])
+
+nexpose_fields = %i(nexpose_url nexpose_username nexpose_password)
+pan_fields= %i(pan_url pan_username pan_password)
+
+if nexpose_fields.any? { |i| nexpose_settings[i].nil? } 
+  raise "Must configure Nexpose settings before starting (by Configuration \
+    file or Environment variable)"
+end
+  
+if pan_fields.any? { |i| pan_settings[i].nil? }
+  raise "Must configure PAN settings before starting (by Configuration \
+    file or Environment variable)"
+end
+
+if service_data[:options][:dag].empty? && service_data[:options][:sites].empty?
+  raise 'Must configure a site or a dag before starting' 
+end
+
+nexpose_settings[:dag] = service_data[:options][:dag]
+nexpose_settings[:sites] = service_data[:options][:sites]
+nexpose_settings[:timeout] = service_data[:options][:report_timeout]
 
 # Start integration with all the parameters.
 Paloalto.start_integration(nexpose_settings, pan_settings)

data/lib/paloalto.rb

@@ -1,12 +1,12 @@
 require 'paloalto/version'
 require 'paloalto/nexpose_helper'
 require 'paloalto/ngfw'
-require 'paloalto/nx_logger'
+require 'paloalto/utilities/nx_logger'
 
 module Paloalto
   def self.start_integration(nexpose_settings, pan_settings)
-  # Asset query.
-  asset_query = "select asset_id, da.ip_address, string_agg(DISTINCT '<' || dt.tag_name, '>') || '>' as tags
+    # Asset query.
+    asset_query = "select asset_id, da.ip_address, string_agg(DISTINCT '<' || dt.tag_name, '>') || '>' as tags
     from dim_site_asset
     LEFT OUTER JOIN dim_asset da USING (asset_id)
     LEFT OUTER JOIN dim_tag_asset dta using (asset_id)
@@ -24,15 +24,9 @@ module Paloalto
 
     report_timeout = nexpose_settings[:timeout]
 
-    #Setup logging
-    @log = Paloalto::NxLogger.instance
-    @log.setup_statistics_collection(Paloalto::VENDOR, 
-                                     Paloalto::PRODUCT, 
-                                     Paloalto::VERSION)
-    @log.setup_logging(true, 'info')
-
-    #Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g. 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user has access to or
-    # set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
+    # Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g.
+    # 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user
+    # has access to or set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
     sites = nexpose_settings[:sites]
     dags = nexpose_settings[:dag]
 
@@ -151,5 +145,22 @@ module Paloalto
     @log.log_message('Exiting..')
   end
 
+  def self.enable_logging()
+    @log = Paloalto::NxLogger.instance
+    @log.setup_statistics_collection(Paloalto::VENDOR,
+                                     Paloalto::PRODUCT,
+                                     Paloalto::VERSION)
+    @log.setup_logging(true, 'info')
+  end
 
+  def self.set_variables(options)
+    settings = {}
+    options.each_key do |key|
+      value = ENV[key.to_s.upcase]
+      value ||= options[key]
+      @log.log_message('No configuration value found for #{key}') if value.nil?
+      settings[key] = value
+    end
+    settings
+  end
 end

data/lib/paloalto/config/encryption.config

@@ -0,0 +1,20 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+production:
+  # Since the encryption key must NOT be stored along with the
+  # source code, only store the key encryption key here.
+  private_rsa_key:
+
+  # List Symmetric Key Ciphers in the order of current / newest first
+  ciphers:
+    -
+      # Name of the file containing the encrypted key and iv.
+      key_filename: <absolute/path/to/filename>.key
+      iv_filename: <absolute/path/to/filename>.iv
+
+      cipher: aes-256-cbc
+      encoding: base64strict
+      version: 1
+      always_add_header: true

data/lib/paloalto/config/nexpose_paloalto.config

@@ -0,0 +1,42 @@
+---
+# This configuration file defines all the particular options necessary to run the service.
+# Fields marked (M) are mandatory.
+#
+# For this integration a DAG or site needs to be provided, or both can be provided.
+# To not generate tags for a group (e.g. sites), leave a single '-' as shown below.
+# Removing the '-' will result in tags being generated for all of that group.
+# Do not place site or DAG ids in quotes ('' or "")
+#
+# Service options:
+:options:
+  # Dynamic Asset Groups to use, newline for each:
+  :dag:
+  - 1
+  # Sites to use, newline for each. We recommend using DAGs, above:
+  :sites:
+  -
+  # Report Time_out. Leave default value of 10800.
+  :report_timeout: 10800
+# Nexpose options.  
+:nexpose_options:
+  # (M) Nexpose console hostname.
+  :nexpose_url: 127.0.0.1 
+  # (M) Nexpose username.
+  :nexpose_username: username  
+  # (M) Nexpose password.
+  :nexpose_password: password
+  # Port for Nexpose console. Leave default value of 3780
+  :nexpose_port: 3780
+# PaloAlto Firewall options  
+:pan_options:
+  # (M) PAN hostname.
+  :pan_url: 127.0.0.1 
+  # (M) PAN username.
+  :pan_username: username
+  # (M) PAN password
+  :pan_password: password
+# Encryption options
+:encryption_options:
+  # (M) Path to the encryption.config file
+  :directory: '../../config/encryption.config'
+

data/lib/paloalto/nexpose_helper.rb

@@ -2,11 +2,11 @@ module Paloalto
   module NexposeHelper
     require 'nexpose'
     require 'csv'
-    require 'paloalto/nx_logger'
+    require 'paloalto/utilities/nx_logger'
 
     # Logs in to Nexpose using the url, username and password.
     def self.login(url=nil, username=nil, password=nil, port=3780)
-      raise 'Nexpose connection must be set in environment variables.' if url.nil? || username.nil? || password.nil?
+      raise 'Nexpose connection details must be set.' if url.nil? || username.nil? || password.nil?
       nsc = Nexpose::Connection.new(url, username, password, port)
       nsc.login
       Paloalto::NxLogger.instance.on_connect(url, port, nsc.session_id, "{}")

data/lib/paloalto/utilities/config_parser.rb

@@ -0,0 +1,141 @@
+require 'erb'
+require 'yaml'
+require 'fileutils'
+require 'symmetric-encryption'
+
+class ConfigParser
+  ENCRYPTED_FORMAT = '<%%= SymmetricEncryption.try_decrypt "%s" %%>'
+  PLACEHOLDER = '<absolute/path/to/filename>'
+  # The environment to use, defined within the encryption config
+  STANZA = 'production'
+  # The line width of the YAML file before line-wrapping occurs
+  WIDTH = 120
+
+  # Encrypts a configuration file and returns the unencrypted hash.
+  def self.get_config(config_path, enc_path=nil)
+    # Try to load a path from the provided config
+    custom_enc_path = get_enc_directory(config_path)
+    enc_path = custom_enc_path unless custom_enc_path.nil?
+
+    enc_path = File.expand_path(enc_path, __FILE__)
+    config_path = File.expand_path(config_path)
+
+
+    generate_keys(enc_path, config_path)
+    encrypt_config(enc_path, config_path)
+    decrypt_config(enc_path, config_path)
+  end
+
+  # Writes the YAML to file with custom formatting options
+  def self.save_config(config_details, config_path)
+    yaml = config_details.to_yaml(line_width: WIDTH)
+    File.open(config_path, 'w') {|f| f.write yaml }
+  end
+
+  def self.encrypt_field(value)
+    encrypted_value = SymmetricEncryption.encrypt value
+    ENCRYPTED_FORMAT % encrypted_value
+  end
+
+  # Retrieves the custom directory of the encryption config
+  def self.get_enc_directory(config_path)
+    settings = YAML.load_file(config_path)
+    return nil if settings[:encryption_options].nil?
+
+    enc_dir = settings[:encryption_options][:directory]
+    return nil if (enc_dir.nil? || enc_dir == '')
+
+    File.expand_path(enc_dir, __FILE__)
+  end
+
+  # Generates the RSA key, associated files and directories.
+  def self.generate_keys(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    key = settings[STANZA]['private_rsa_key']
+
+    # Recognise an existing key
+    return unless (key.nil? || key == '')
+
+    # Generate a new RSA key and store the details
+    new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
+    settings[STANZA]['private_rsa_key'] = new_rsa_key
+    save_config(settings, enc_path)
+
+    # Populate the placeholder values within the config
+    populate_ciphers(enc_path, config_path)
+
+    # Need to create a folder (specified by the user) to store the key files
+    dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
+
+    begin
+      unless File.directory?(dir) || PLACEHOLDER.include?(dir)
+        puts "Creating folder: #{dir}"
+        FileUtils::mkdir_p dir
+      end
+    rescue Exception => e
+      msg = "Unable to create the folders used to store encryption details.\n"\
+            'Please ensure the user has permissions to create folders in the ' \
+            "path specified in the  encryption config: #{enc_path}\n"
+      handle_error(msg, e)
+    end
+
+    SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
+  end
+
+  # Replace placeholder values for the key and iv file paths,
+  # placing them in the config folder by default.
+  def self.populate_ciphers(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    ciphers = settings[STANZA]['ciphers'].first
+    config_folder = File.dirname(config_path)
+    config_name = File.basename(config_path, File.extname(config_path))
+
+    %w(key iv).each do |file|
+      label = "#{file}_filename"
+      file_path = ciphers[label]
+      next unless file_path.include? PLACEHOLDER
+
+      filename = ".#{config_name}.#{file}"
+      ciphers[label] = File.join(config_folder, filename)
+    end
+
+    save_config(settings, enc_path)
+  end
+
+  def self.encrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+
+    # Read the config in as an array of strings
+    f = File.open(config_path)
+    config_lines = f.readlines
+    f.close
+
+    # Define the regex that can find relevant fields
+    regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/
+
+    # Line by line, write the line to file, encrypting sensitive fields
+    File.open(config_path, 'w+') do |f|
+      config_lines.each do |l|
+        matches = l.match(regex)
+
+        # Encrypt fields with username/password labels that are in plaintext
+        unless matches.nil? || matches['value'].include?('SymmetricEncryption')
+          l = "#{matches['label']}#{encrypt_field(matches['value'])}"
+        end
+
+        f.puts l
+      end
+    end
+  end
+
+  # Returns a hash containing the decrypted details from a config file.
+  def self.decrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+    return YAML.load(ERB.new(File.new(config_path).read).result)
+  end
+
+  def self.handle_error(message, error)
+    puts message
+    raise error
+  end
+end

data/lib/paloalto/utilities/gem_options.rb

@@ -0,0 +1,91 @@
+require 'optparse'
+
+class GemOptions
+
+  @parser
+
+  def self.create_parser
+    @parser = OptionParser.new
+    self
+  end
+
+  # How the gem is used e.g 'nexpose ticketing jira [options]'
+  def self.with_banner(gem_usage_string)
+    @parser.banner = "Usage: #{gem_usage_string} [options]"
+    @parser.separator ''
+    self
+  end
+
+  # Header for options list
+  def self.with_options
+    @parser.separator 'Options:'
+    self
+  end
+
+  # Creates banner and options
+  def self.with_banner_and_options(gem_usage_string)
+    with_banner(gem_usage_string)
+    with_options
+    self
+  end
+
+  # For setting encryption switch. Can be set to work with two configurations
+  # Config_paths is an array
+  def self.with_configuration_encryption(config_paths, enc_path = nil)
+    @parser.on('-e',
+            '--encrypt_config',
+            'Encrypt the configuration file(s) without running the gem') do |e|
+      ConfigParser.get_config(config_paths.first, enc_path) unless enc_path.nil?
+      ConfigParser.get_config(config_paths.last)
+      puts "\nConfiguration File(s) Encrypted"
+      exit
+    end
+    self
+  end
+
+  def self.with_help
+    @parser.on_tail('-h', '--help', 'Show this message') do |h|
+      puts @parser
+      exit
+    end
+    self
+  end
+
+  def self.with_version(gem, version)
+    @parser.on_tail('--version', 'Version Information') do |v|
+      puts "#{gem} #{version}"
+      exit
+    end
+    self
+  end
+
+  def self.with_help_and_version(gem, version)
+    with_help
+    with_version(gem, version)
+    self
+  end
+
+  # Method to allow integrations to create own options, with both short and long
+  # switches and description.
+  # Handler is the block to run when option is called.
+  def self.with_other_option(short_switch, long_switch, description, &handler)
+    @parser.on("-#{short_switch}", "--#{long_switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Method to allow integrations to create own options, with only one size of
+  # switch and description.
+  # '-' for short switches and '--' for long switches is required.
+  # Handler is the block to run when option is called.
+  def self.with_single_switch_option(identifier, switch, description, &handler)
+    @parser.on("#{identifier}#{switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Parses the options to make them available
+  def self.parse
+    @parser.parse!
+  end
+end

data/lib/paloalto/{nx_logger.rb → utilities/nx_logger.rb}

@@ -6,7 +6,7 @@ require 'singleton'
 module Paloalto
   class NxLogger
     include Singleton
-    LOG_PATH = "./logs/rapid7_%s.log"
+    LOG_PATH = "../logs/rapid7_%s.log"
     KEY_FORMAT = "external.integration.%s"
     PRODUCT_FORMAT = "%s_%s"
 
@@ -163,4 +163,4 @@ module Paloalto
     end
 
   end
-end
+end

data/lib/paloalto/version.rb

@@ -1,5 +1,5 @@
 module Paloalto
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
   VENDOR = "Palo Alto"
   PRODUCT = "NGFW"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_paloalto
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Damian Finol
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-08 00:00:00.000000000 Z
+date: 2017-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -81,6 +81,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: symmetric-encryption
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
 description: This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto
   TAGs.
 email:
@@ -97,9 +117,13 @@ files:
 - Rakefile
 - bin/nexpose_paloalto
 - lib/paloalto.rb
+- lib/paloalto/config/encryption.config
+- lib/paloalto/config/nexpose_paloalto.config
 - lib/paloalto/nexpose_helper.rb
 - lib/paloalto/ngfw.rb
-- lib/paloalto/nx_logger.rb
+- lib/paloalto/utilities/config_parser.rb
+- lib/paloalto/utilities/gem_options.rb
+- lib/paloalto/utilities/nx_logger.rb
 - lib/paloalto/version.rb
 homepage: http://www.rapid7.com
 licenses: