topic Re: Rule creation/modification dates in Automation/API Discussions https://live.paloaltonetworks.com/t5/automation-api-discussions/rule-creation-modification-dates/m-p/180127#M1463 <P>From my understanding, the only way to glean this information would be from the config audit versions (<A href="https://10.73.52.118/api/?type=op&amp;cmd=%3Cshow%3E%3Cconfig%3E%3Caudit%3E%3C%2Faudit%3E%3C%2Fconfig%3E%3C%2Fshow%3E&amp;REST_API_TOKEN=965457492" target="_rest_api">/api/?type=op&amp;cmd=&lt;show&gt;&lt;config&gt;&lt;audit&gt;&lt;/audit&gt;&lt;/config&gt;&lt;/show&gt;</A>). However, looping through each of these every time would add a lot of complexity to your script, and you may not have the config version where the last change to the firewall was made.</P><P>&nbsp;</P><P>Have you considered writing the creation/modification dates to the description field and then using logic to base rules to alert on on the description field?</P> Wed, 04 Oct 2017 20:52:48 GMT nigelswift 2017-10-04T20:52:48Z Rule creation/modification dates https://live.paloaltonetworks.com/t5/automation-api-discussions/rule-creation-modification-dates/m-p/180116#M1462 <P>I'm writing a script to alert when a new MAC address is seen for an IP address that's listed in an Internet-facing rule. I have it working pretty well, but I want to avoid alerting on rules that are themselves new. I'm calling the API via&nbsp;/config/devices/entry/vsys/entry/rulebase/security/rules, but the data I get back doesn't include any creation/modification date information. Is there a way to get that information via the API? Thanks.</P> Wed, 04 Oct 2017 20:38:41 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/rule-creation-modification-dates/m-p/180116#M1462 ekenda2 2017-10-04T20:38:41Z Re: Rule creation/modification dates https://live.paloaltonetworks.com/t5/automation-api-discussions/rule-creation-modification-dates/m-p/180127#M1463 <P>From my understanding, the only way to glean this information would be from the config audit versions (<A href="https://10.73.52.118/api/?type=op&amp;cmd=%3Cshow%3E%3Cconfig%3E%3Caudit%3E%3C%2Faudit%3E%3C%2Fconfig%3E%3C%2Fshow%3E&amp;REST_API_TOKEN=965457492" target="_rest_api">/api/?type=op&amp;cmd=&lt;show&gt;&lt;config&gt;&lt;audit&gt;&lt;/audit&gt;&lt;/config&gt;&lt;/show&gt;</A>). However, looping through each of these every time would add a lot of complexity to your script, and you may not have the config version where the last change to the firewall was made.</P><P>&nbsp;</P><P>Have you considered writing the creation/modification dates to the description field and then using logic to base rules to alert on on the description field?</P> Wed, 04 Oct 2017 20:52:48 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/rule-creation-modification-dates/m-p/180127#M1463 nigelswift 2017-10-04T20:52:48Z