topic [API]PYTHON PANDEVICE - SET SECURITY PROFILE in General Topics

[API]PYTHON PANDEVICE - SET SECURITY PROFILE

Chango — Mon, 23 Sep 2019 14:45:18 GMT

Hi all,

I'm using PaloAlto's API for the first time.

My idea is the following:

- for each rule, I would like to apply a security profile based on the service setted.

Reading some docs online i wrote this pseudocode.

HOSTNAME = '192.168.55.10'
API_KEY = 'My_Api_Key'

fw = pandevice.firewall.Firewall(hostname=HOSTNAME, api_key=API_KEY)
rulebase = pandevice.policies.Rulebase()
fw.add(rulebase)
rules = pandevice.policies.SecurityRule.refreshall(rulebase)

for rule in rules:

       if (rule.service is ugual to any):

                 //set security_profile (like av,URL Filtering Profiles,Vulnerability Protection Profiles,etc...)

       rule.apply()

fw.commit(sync=True)

Do you have any ideas ? Could you help me?

Thanks in advice!

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

BPry — Fri, 05 Apr 2019 19:45:21 GMT

@Chango,

My advice would be to really learn the api before you even attempt to do something that actually makes changes to your policy. Spend some time messing around and reading the docs before you attempt to modify your rulebase, and when you start modifing the rulebase focus on modifying a set rule instead of attempting such a brod modfication as your first script.

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

Chango — Sat, 06 Apr 2019 10:13:54 GMT

@BPry

Hi BPri, thanks for the answer.
Yes sure, i know. I will try it in a test environment.
If possible I'd like to have some advice aboute the code.

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

BPry — Sun, 07 Apr 2019 01:47:05 GMT

@Chango,

I don't give any support for code unless I've directly supplied it to address a users issues; this is a long-standing policy I've had in this forum to avoid any potential issues due to untested code.

The only thing I'll mention is that your script as written will 100% not work as expected, as I'm sure you are already fully aware. For starters, where you have "if (service is equal to any):" you'll simply get a error since you've never defined 'service'. To get the service of the rule you would need to do something like the following:

for rule in rules:
    if (rule.service is equal to any):

That any statement also won't work due to how the value actually returns.

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

Chango — Mon, 23 Sep 2019 14:44:00 GMT

@BPry

Yes i know that my script as written will not work.

I worte a pseudocode. I don't know what is the method that allows me to set the security profile. I didn't find it in the documentation.

Could you tell me what is the method?

Thanks in advice.

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

ECerafogli — Mon, 23 Sep 2019 14:43:06 GMT

Hi Changò,

use this:

for rule in rules:
    rule.virus = "my-antivirus-profile"

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

EdoardoCerafogli — Mon, 11 May 2020 09:21:46 GMT

Hi Changò,

use this:

for rule in rules:
    rule.virus = "my-antivirus-profile"

Regards

Re: [API]PYTHON PANDEVICE - SET SECURITY PROFILE

Alpha123 — Tue, 18 Aug 2020 11:18:01 GMT

What are the values that we need to set for the spyware,virus,vulnerability arguments in SecurityRule ?

I found that the values going to be default, strict,allow,drop...etc like that by referring the below link

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

But also in some examples they said like this

rule.virus = "my-antivirus-profile"

Which one is right ? Either we have to specify the profile of our own and give it as values or default,strict ...those acts as values ? please help me on this