XML API - Get thret ID and CVE (version 8.0)

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

XML API - Get thret ID and CVE (version 8.0)

Hello.

 

Working with firewalls on version 7 with a query to the following path: xpath=/config/predefined/threats/vulnerability  I was able to get an XML with CVE of every threat, but on version 8 XML doen't contain associated CVE.

 

Are any other path to get threat ID/CVE from the API?

 

Thanks

 

Highlighted
L4 Transporter

Hello,

 

I confirmed this on my firewalls, PAN-OS 7.1 shows threat metadata and PAN-OS 8.0 only has the threat name.  Looking into it and will let you know.  Thanks for your patience.

 

Thanks,

 -Brian

Highlighted
L4 Transporter

This has been opened as issue PAN-81194.  We'll investigate and if it turns out to be a bug we will push a fix into a future 8.0.x maintenance release.

 

Unfortunately, I don't know of a workaround at this time, but will let you know if I come up with anything.

 

Thanks for your help!

Highlighted
L4 Transporter

Looks like this just got fixed today in the PAN-OS 8.0.4 release (PAN-76042). Good work, @btorresgil.

Highlighted
L4 Transporter

Glad to help, and thanks for your patience.

Highlighted
L1 Bithead

Hello again.

 

On version 8.0.4 I continue having the same problem:

bug.PNG

How can I solve it?

 

Thanks

 

Highlighted
L4 Transporter

PAN-OS 8.0 depletes CVE information from old XPATH

 

For 8.0.4 onward, please use new XPATH in op command.

 

type=op&cmd=<show><predefined><xpath>/predefined/threats/vulnerability</xpath>

 

Example of working output

 

<response status="success"><result><vulnerability>
<entry name="35931" p="yes">
<threatname>HP Data Protector OmniInet Opcode Buffer Overflow Vulnerability</threatname>
<cve xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<member>CVE-2011-1865</member>
</cve>
<category>overflow</category>
<severity>high</severity>
<affected-host>
<server>yes</server>
</affected-host>
<default-action>alert</default-action>
</entry>
....

Highlighted
L1 Bithead

The example above is close, not sure if some of it got stripped out. This works for me on latest versions V8 and higher.

 

https[:]//IPADDRESS/api/?key=YOURKEY&type=op&cmd=<show><predefined><xpath>/predefined/threats/vulnerability</xpath></predefined></show>

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!