[panw_metrics] Add Palo Alto Networks metrics integration

.github/CODEOWNERS

@@ -421,3 +421,4 @@
 /packages/zoom @elastic/security-service-integrations
 /packages/zscaler_zia @elastic/security-service-integrations
 /packages/zscaler_zpa @elastic/security-service-integrations
+/packages/panw_metrics @elastic/obs-infraobs-integrations

packages/panw_metrics/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: "[email protected]"

packages/panw_metrics/_dev/build/docs/README.md

@@ -0,0 +1,67 @@
+# Palo Alto Networks Integration
+
+This integration periodically fetches metrics from [Palo Alto Networks](https://www.paloaltonetworks.com/) firewalls and management systems.
+
+## Compatibility
+
+The integration uses the [Pango](https://github.com/PaloAltoNetworks/pango) library to collect metrics from Palo Alto Networks firewalls.
+
+## Configuration
+
+## Metrics
+
+### interfaces
+
+The `interfaces` dataset collects detailed network interface statistics from Palo Alto Networks firewalls. It provides information about interface status, traffic throughput, packet counts, error rates, and configuration details, including physical, logical, and high-availability (HA) interfaces.
+
+{{event "interfaces"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "interfaces"}}
+
+### routing
+
+The `routing` dataset gathers comprehensive routing information from Palo Alto Networks devices. It includes details about routing protocols (with a focus on BGP), static and dynamic routes, next hops, AS numbers, and peer states. This dataset provides insights into the device's routing table and its interactions with other network devices.
+
+{{event "routing"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "routing"}}
+
+### system
+
+The `system` dataset collects a wide range of system-level metrics from Palo Alto Networks firewalls. This includes CPU usage, memory utilization, disk space, load averages, and process statistics. It also provides information about system uptime, licensed features, file system usage, and hardware component status (such as fans, thermal sensors, and power supplies).
+
+{{event "system"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "system"}}
+
+### vpn
+
+The `vpn` dataset gathers detailed Virtual Private Network (VPN) statistics from Palo Alto Networks devices. It covers both GlobalProtect and IPsec VPN technologies, providing information about active VPN sessions, user connections, tunnel status, encryption details, and performance metrics. This dataset offers insights into VPN usage, security, and performance.
+
+{{event "vpn"}}
+
+The fields reported are:
+
+**ECS Field Reference**
+
+Please refer to the following [document](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) for detailed information on ECS fields.
+
+{{fields "vpn"}}

packages/panw_metrics/changelog.yml

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+  changes:
+    - description: Initial draft of the package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/11099

packages/panw_metrics/data_stream/interfaces/agent/stream/stream.yml.hbs

@@ -0,0 +1,6 @@
+metricsets: ["interfaces"]
+period: {{period}}
+host_ip: {{host_ip}}
+port: {{port}}
+apiKey: {{apiKey}}
+apiDebugMode: {{apiDebugMode}}

packages/panw_metrics/data_stream/interfaces/fields/agent.yml

@@ -0,0 +1,33 @@
+- name: cloud
+  title: Cloud
+  group: 2
+  description: Fields related to the cloud or infrastructure the events are coming from.
+  footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
+  type: group
+  fields:
+    - name: image.id
+      type: keyword
+      description: Image ID for the cloud instance.
+- name: host
+  title: Host
+  group: 2
+  description: 'A host is defined as a general computing instance.  ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+  type: group
+  fields:
+    - name: containerized
+      type: boolean
+      description: >
+        If the host is a container.
+
+    - name: os.build
+      type: keyword
+      example: "18D109"
+      description: >
+        OS build information.
+
+    - name: os.codename
+      type: keyword
+      example: "stretch"
+      description: >
+        OS codename, if any.
+

packages/panw_metrics/data_stream/interfaces/fields/base-fields.yml

@@ -0,0 +1,12 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.